Flaws in Kernel and Kernel-mode Drivers Severity: High Summary: These vulnerabilities affect: Windows XP, 7, Server 2003, and Server 2008 How an attacker exploits them: By running a malicious program locally or by tricking a user into running something they shouldn't Impact: In the worst case, a local attacker can gain complete control of your Windows computer What to do: … [Read more...]
Seven Windows Updates Fix Three Critical Flaws, Including Duqu 0day
Bulletins Affect Kernel-Mode Drivers, Windows Media Player, Active Directory, and More Severity: High Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it How an attacker exploits them: Multiple vectors of attack including enticing your users to malicious web sites, or into opening booby-trapped files Impact: Various … [Read more...]
Microsoft Patch Tuesday: Updates Fix Zero Day Windows Duqu Flaw & Many Others
Santa Microsoft has come to town with a bag full of software updates for all the nice Windows administrators out there. I recommend you download, test, and install them as soon as possible. That way you can enjoy a merry, stress-free, and secure Christmas this year. According to their summary post, Microsoft released 13 security bulletins today -- one less than the 14 they … [Read more...]
Duqu Malware Leverages a Zero Day Windows Kernel Flaw
Over the past year, I spoken a lot about Advanced Persistent Threats (APT), like Stuxnet, at presentations I've given around the world. In fact, one of my security predictions for this year concerned the increase in APTs (both as a true threat, and an overused term). If you've paid attention to security news over the past few weeks, you've probably read about a new piece of … [Read more...]