Severity: Medium 8 February, 2011 Summary: This vulnerability affects: Visio 2002, 2003, and 2007 (not 2010) How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document Impact: An attacker can execute code, potentially gaining complete control of your users' computers What to do: Deploy the appropriate Visio patch as soon as … [Read more...]
Archives for February 2011
Nine Windows Bulletins Correct 15 Security Vulnerabilities
Malicious Thumbnails and Fonts Help Attackers Hack Windows Severity: High 8 February, 2011 Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it How an attacker exploits them: Multiple vectors of attack, including enticing your users into opening specially crafted files, or visiting malicious websites or file shares Impact: … [Read more...]
IIS FTP Service Buffer Overflow Vulnerability
Severity: High 8 February, 2011 Summary: This vulnerability affects: The IIS FTP service running on Windows Vista, 2008, 7, and 2008 R2 How an attacker exploits it: By sending a specially crafted FTP command Impact: In the worst case, an attacker gains complete control of your IIS server What to do: Deploy the appropriate IIS update immediately, or let Windows Automatic … [Read more...]
Cumulative IE Update Fixes Four Code Execution Flaws
Severity: High 8 February, 2011 Summary: This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows How an attacker exploits it: Typically, by enticing one of your users to visit a malicious web page Impact: In the worst case an attacker can execute code on your user's computer, gaining complete control of it What to … [Read more...]
Microsoft Black Tuesday: A dozen bulletins fix 22 vulnerabilities (but not the zero day MHTML flaw)
As expected, Microsoft posted their first big patch day of 2011 today (the last one was small). Unfortunately, the dozen security updates they released do not fix the unpatched MHTML flaw, which I mentioned in last week's early notification. Even so, the released updates fix many serious flaws. You should start upgrading as soon as you can. According to their Bulletin Summary … [Read more...]