Summary:
This vulnerability affects: Adobe Reader and Acrobat X 10.1.1 and earlier, on Windows, Mac, and UNIX computers
How an attacker exploits it: By enticing your users into viewing maliciously crafted PDF documents
Impact: An attacker can execute code on your computer, potentially gaining control of it
What to do: Windows users should install Adobe's Reader and Acrobat …
Archives for January 2012
Half a Dozen Windows Updates; One Critical
Bulletins Affect Windows Media components, CSRSS, SSL/TLS, and More
Severity: High
Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it
How an attacker exploits them: Multiple vectors of attack, including enticing your users to download and open malicious media, documents, or other files.
Impact: Various results; in the …
Seven Microsoft Security Bulletins in January; Two Fix Issues in Security Mechanisms
Like clockwork, Microsoft has posted the first Patch Day of the new year. In a word, I'd summarize it as average. As they forewarned in their advanced notification last week, Microsoft released seven security bulletins today, which include six updates for Windows and one update for a Microsoft development tool (specifically an AntiXSS library). They only rate one of the …
Microsoft Kicks Off 2012 Patch Day with Seven Updates; Six for Windows
I hope Microsoft administrators had a relaxing and enjoyable holiday and New Year's, because now it's time for them to roll up their sleeves and get back to work. According to their advanced notification post, Microsoft plans to release seven security bulletins on Tuesday, January 10. Six of the bulletins fix flaws in Windows or its components, while the remaining bulletin …
Automated SQLi Attack Hijacks Over 1 Million Websites
In the past, malicious web sites seemed relegated to the "bad neighborhoods" of the Internet. If you weren't surfing piracy, pornography, or hacking sites, you probably wouldn't have randomly encountered websites serving malicious code back then. Unfortunately, that has changed. Over the years, legitimate web sites have increasingly been hijacked and booby-trapped with malicious …