April's humongous Microsoft Patch Day is live. As expected, Microsoft released a record-breaking 17 security bulletins today, fixing nine Critical and eight Important flaws in Internet Explorer (IE), Windows, Office, and some development packages. Some highlights from the bulletins include: Updates for Windows' SMB client and server. Trojans, bots, and worms tend to … [Read more...]
Cumulative IE Update Fixes Four Code Execution Flaws
Severity: High 8 February, 2011 Summary: This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows How an attacker exploits it: Typically, by enticing one of your users to visit a malicious web page Impact: In the worst case an attacker can execute code on your user's computer, gaining complete control of it What to … [Read more...]
Microsoft Black Tuesday: A dozen bulletins fix 22 vulnerabilities (but not the zero day MHTML flaw)
As expected, Microsoft posted their first big patch day of 2011 today (the last one was small). Unfortunately, the dozen security updates they released do not fix the unpatched MHTML flaw, which I mentioned in last week's early notification. Even so, the released updates fix many serious flaws. You should start upgrading as soon as you can. According to their Bulletin Summary … [Read more...]
IE Suffers from Five New "Drive-by Download" Vulnerabilities
Summary: This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows How an attacker exploits it: Typically, by enticing one of your users to visit a malicious web page Impact: Various, in the worst case an attacker can execute code on your user's computer, gaining complete control of it What to do: Deploy the … [Read more...]
Cumulative IE Patch Fixes Ten New Security Flaws
Summary: This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows How an attacker exploits it: Usually, by enticing one of your users to visit a malicious web page Impact: Various, in the worst case an attacker can execute code on your user's computer, potentially gaining complete control of it What to … [Read more...]