Severity: High
Summary:
These vulnerabilities affect: All current versions of Windows
How an attacker exploits them: Multiple vectors of attack, including enticing users to view maliciously crafted fonts or to view directories with specially crafted files or folder names
Impact: In the worst case, an attacker can gain complete control of your Windows computer
What to do: … [Read more...]
Nasty RTFs Nudge Word Into Submission
Severity: High
Summary:
These vulnerabilities affect: Word (and Office) 2003 through 2010 for Windows (and related components)
How an attacker exploits it: By enticing one of your users to open a malicious RTF document
Impact: In the worst case, an attacker executes code on your user's computer, gaining complete control of it
What to do: Install Microsoft's Word update as … [Read more...]
Avoid Drive-by Downloads; Patch IE
Severity: High
Summary:
These vulnerabilities affect: All current versions of Internet Explorer (IE)
How an attacker exploits them: By enticing one of your users to visit a malicious web page
Impact: An attacker can execute code on your user's computer, often gaining complete control of it
What to do: Install Microsoft's IE updates immediately, or let Windows Automatic … [Read more...]
Exchange Server Code Execution and DoS Flaws
Severity: High
Summary:
These vulnerabilities affect: Exchange Server 2007 and 2010
How an attacker exploits it: By enticing an email user to preview a specially crafted email attachment or to visit a malicious RSS feed
Impact: An attacker can execute code with the restricted privileges of the LocalService account, or crash your email server
What to do: Deploy the … [Read more...]
Microsoft Black Tuesday: Patch Before the Holidays
If you're anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later. Today, Microsoft released seven security bulletins fixing at least 11 vulnerabilities in many of their … [Read more...]