Over the weekend, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability in Internet Explorer (IE), which attackers are exploiting in the wild. Around the same time, Kaspersky also noted an attack campaign leveraging a new Adobe Flash zero day flaw, which Adobe patched today. I'll discuss both issues below, starting with the IE … [Read more...]
The Heartbleed OpenSSL Vulnerability; Patch OpenSSL ASAP
On Monday, the OpenSSL team released a critical update for their popular SSL/TLS package, which fixes a serious cryptographic weakness in their product. If you use OpenSSL, you should read up on this issue and update OpenSSL immediately. WatchGuard products, like many others that use OpenSSL, are affected by this issue. We are currently working on updates to fix the … [Read more...]
Out-of-Cycle Word FixIt Corrects Zero Day Vulnerability
If you're worried about spear phishing attacks (and if you're not, you should be), grab Microsoft's emergency FixIt to mitigate a zero day vulnerability attackers are exploiting in the wild. In a security advisory released yesterday, Microsoft warned of a zero day vulnerability in Word, which attackers are exploiting in what Microsoft describes as limited, targeted attacks. … [Read more...]
Grab Adobe and Microsoft's Emergency Flash and IE Fixes
Let's start with the short version. Yesterday, both Microsoft and Adobe released out-of-cycle updates to fix zero day security vulnerabilities that advanced attackers are exploiting in the wild via "watering hole" campaigns. If you use these products and haven't installed the updates, go get the Flash and Internet Explorer (IE) fixes now! The slightly longer story is early … [Read more...]
Microsoft Black Tuesday: Updates Correct One of Two Zero day
Today's the second Tuesday of the month, which means it's Microsoft (and Adobe) Patch Day. One of Microsoft updates fixes a zero day vulnerability, so we recommend you install at least that one as quickly as possible. According to their summary post for November 2013, Microsoft released eight security bulletins today, fixing 18 security flaws in products like Internet Explorer … [Read more...]