You cannot discuss events in October without mentioning Hurricane Sandy - our hearts go out to all who were affected by this storm. October was a busy month for us, it was the first full month after the release of v12.5 of Impact and the Exploit Writing Team was in full force, writing exploits for this new release. This is also the first month we saw a big push from our L3 team to release the custom modules they have generated for individual customers out to the main product. The L3 team is a full-time group of engineers who take customer requests for tweaks to existing capabilities and make them a reality. With these two teams working to produce updates and exploits that are both timely and important to our customers, we produced 39 updates for the month of October. Updates for October 2012 (excluding maintenance updates) Remote Code Execution EMC NetWorker nsrd RPC Service Format String Exploit EMC Replication Manager Client irccd.exe Misconfiguration Exploit HP Intelligent Management Center UAM sprintf Buffer Overflow Exploit HP SiteScope Remote Code Execution Exploit Novell File Reporter NFRAgent PATH Tag Buffer Overflow Exploit Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit PHP apache_request_headers Function Buffer Overflow Exploit Symantec Messaging Gateway SSH Support Account Exploit TurboFTP Server PORT Command Buffer Overflow Exploit Client Side Advantech Studio ISSymbol ActiveX Control Buffer Overflow Exploit GE Proficy Historian KeyHelp ActiveX LaunchTriPane Code Execution Exploit HP Lifecycle Management XGO ActiveX SetShapeNodeType Type Method Exploit Oracle Outside In XPM Image Processing Buffer Overflow Exploit Privilege Escalation Libdbus DBUS_SYSTEM_BUS_ADDRESS Variable Local Privilege Escalation Microsoft Windows Sysret Instruction Privilege Escalation Exploit (MS12-042) Included in the non-exploit updates updates were six produced by our L3 team and three modules coded to provide additional ability for our agent to evade anti virus detection. Alex Horan, Senior Product Manager.