New IOS flaw patched
Further accelerating the focus on infrastructure integrity, Cisco on Wednesday released an update to fix a serious so-called heap-overflow vulnerability in its Internetwork Operating System, or IOS. The newly disclosed flaw in IOS was part of a controversial presentation at the Black Hat security confab in July, but Cisco has been able to keep it under wraps until now. The seriousness of this flaw explains the way Cisco handled the Ciscogate incident at Black Hat.
In addition to fixing the heap-overflow vulnerability, Cisco in the IOS update raises the security shields of the software. The new version adds more integrity checks designed to foil any future attacks, the company said in a security advisory.
This brings even more pressure to bear on clients to upgrade/patch their outdated IOS. But this can be a tough task, especially at Internet service providers and organizations that run customized configurations. Too many times in the past, network operators got burned by bad patches and routers not rebooting correctly and it will take a while to have all this worked out.
Related Topics: New critical IOS flaw, Ciscogate:The Lynn interview, Ciscogate:Advice for customers
CATEGORIES: 1IOS, 1vulnerability management, 1patching,1infrastructure,1threats
In addition to fixing the heap-overflow vulnerability, Cisco in the IOS update raises the security shields of the software. The new version adds more integrity checks designed to foil any future attacks, the company said in a security advisory.
This brings even more pressure to bear on clients to upgrade/patch their outdated IOS. But this can be a tough task, especially at Internet service providers and organizations that run customized configurations. Too many times in the past, network operators got burned by bad patches and routers not rebooting correctly and it will take a while to have all this worked out.
Related Topics: New critical IOS flaw, Ciscogate:The Lynn interview, Ciscogate:Advice for customers
CATEGORIES: 1IOS, 1vulnerability management, 1patching,1infrastructure,1threats
0 Comments:
Post a Comment
<< Home