Microsoft Vulnerabilities
January 22nd, 2010 admin
Topics:
Microsoft is releasing an out-of-band update for their IE vulnerability. Internet Explorer 6 is affected and is being actively exploited in the wild. The patch will be released on the 21st, today, see Microsoft’s Security Bulletin for additional details. Updated to add : Microsoft Security Bulletin MS10-002 . What version of Internet Explorer do you have installed? ( Poll ) Also in Microsoft news, Security Advisory (979682). There’s a vulnerability in Windows kernel privilege escalation. The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7), on non x64-based systems, unless 16-bit application support is disabled. There’s a workaround for disabling 16-bit support provided in Microsoft’s Security Advisory . Disabling 16-bit applications will mitigate the issue. Then, you’ll be all set. Unless you happen to use a 16-bit…
Related Posts
Updates February 9th will bring numerous Microsoft Updates, 13 bulletins addressing 26 vulnerabilities. All versions of Windows are affected. Looks like a busy Tuesday is ahead. See Microsoft’s Security Bulletin Advance Notification for February 2010 for additional details. Vulnerability There’s also a notable Internet Explorer vulnerability...
Editor’s note: This story has been updated with a link to a Microsoft advisory about the new vulnerability as well as a Microsoft blog post discussing ways for users to reduce their risk of attack. The recent hack attack on Google, Adobe and other companies occurred through exploitation of a zero-day vulnerability that affects many versions...
Microsoft is releasing a cumulative update for its Internet Explorer browser. The update is out-of-band and patches an exploited vulnerability in IE 6 and 7. The update also fixes 9 additional vulnerabilities, and for those, Internet Explorer 8 and Windows 7 are included in the affected software. Automatic updates will therefore be available for most...
Microsoft recently announced it had withdrawn its MS10-025 security update when they found the update didn’t adequately address the underlying issue it was intended to fix. The update and subsequent withdrawal affects only Windows 2000 servers that have the optional Windows Media Service installed. A re-release of the patch is due sometime in...
Blueprints showing attackers how to exploit a previously unknown security hole in versions of Microsoft’s Internet Explorer browser recently were published online. The danger here is if IE users browse to a hacked or booby-trapped Web site that uses the exploit, that site could install malicious software. Microsoft has not yet issued an advisory...
Microsoft discontinued support for Windows XP Service Pack 2 on July 13th , and that means there is no SP2 update for the recent LNK shortcut vulnerability (KB2286198). If you review the comments from this SANS Diary post , you’ll see that there was some initial confusion regarding SP2 support, due to a typo in Microsoft’s Security...
Microsoft just released a patch to address the License Logging Server Heap Overflow Vulnerability (CVE-2009-2523). This vulnerability affects the License Logging Service (LLS), a feature which according to Microsoft is “designed to help customers manage licenses for Microsoft server products that are licensed in the Server Client Access License...
Microsoft has confirmed reports of a security flaw in its Windows operating system that hackers could use to temporarily destabilize Windows 7 PCs. The software giant also acknowledged that blueprints for exploiting the flaw are now available online. At issue is a so-called “denial-of-service” vulnerability in the component of Windows...
The recent hack attack on Adobe occurred through exploitation of a zero-day vulnerability that affects all versions of Internet Explorer, according to a security researcher with a leading anti-virus firm. Microsoft learned about the vulnerability only Wednesday evening and is planning to release an announcement about the vulnerability later today,...
Microsoft released six software updates on Tuesday to fix at least a dozen security vulnerabilities in Windows, Internet Explorer, Windows Server and Microsoft Office. More than half of the flaws earned a “critical” rating, meaning criminals could exploit them to break into vulnerable systems without any help from users. Separately,...
Related Tweets from Twitter
Related News from Digg
Leave a comment
| Trackback
