Over the weekend, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability in Internet Explorer (IE), which attackers are exploiting in the wild. Around the same time, Kaspersky also noted an attack campaign leveraging a new Adobe Flash zero day flaw, which Adobe patched today. I'll discuss both issues below, starting with the IE … [Read more...]
Multiple Word Memory Corruptions Make for Malicious Documents
Severity: High Summary: These vulnerabilities affect: Microsoft Office related products, including Word and Outlook How an attacker exploits them: Typically by enticing users to open or interact with maliciously crafted Office documents or email Impact: In the worst case, an attacker can gain complete control of your Windows computer What to do: Install the appropriate … [Read more...]
Trio of Office Updates Fix SharePoint Flaw & ASLR Bypass
Severity: High Summary: These vulnerabilities affect: Microsoft Office and related products, including SharePoint How an attacker exploits them: Varies. Typically by enticing users to visit malicious web content or open Office documents Impact: Many. In the worst case, an attacker can gain complete control of your Windows computer What to do: Install the appropriate … [Read more...]
Office Updates Mend Word and Outlook Vulnerabilities
Severity: High Summary: These vulnerabilities affect: Microsoft Office related products, including Word and Outlook How an attacker exploits them: Typically by enticing users to open or interact with maliciously crafted Office documents or email Impact: In the worst case, an attacker can gain complete control of your Windows computer What to do: Install the appropriate … [Read more...]
Attackers Exploiting a Zero Day in Windows, Office, and Lync
Today, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability that affects Windows, Office, and Lync. In a nutshell, the vulnerability has to do with how certain versions of Windows, Office, and Lync handle specially crafted TIFF images. If an attacker can trick you into viewing a malicious image, including ones embedded in … [Read more...]
