Summary:
This vulnerability affects: Adobe Reader and Acrobat 9.3.4 and earlier, on Windows, Mac, and UNIX computers
How an attacker exploits it: Typically, by enticing your users into viewing a maliciously crafted PDF document
Impact: An attacker can execute code on your computer, potentially gaining control of it
What to do: Install Adobe's …
Out-of-Cycle Bulletin Fixes Serious ASP.NET Padding Oracle Vulnerability
Summary:
This vulnerability affects: All current versions of Microsoft's .NET Framework
How an attacker exploits it: By sending a large number of web requests containing cipher text (and interpreting error responses)
Impact: In the worst case, an attacker can gain enough information to read and/or tamper with encrypted data from your web server
What to do: …
Seven Windows Updates for an Equal Number of Vulnerabilities: Bulletins Affect Print Spooler, MPEG-4 Codec, RPC, and More
Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it (one flaw also affects Office to some extent)
How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, or enticing your users to open malicious media or documents
Impact: Various results; in the worst …
Three IIS Flaws Allow Authentication Bypass, DoS, or Code Execution
Summary:
This vulnerability affects: IIS 5.1, 6.0, 7.0 and 7.5
How an attacker exploits it: By sending specially crafted HTTP requests or URLs
Impact: In the worst case, an attacker can gain complete control of your IIS server
What to do: Install Microsoft's IIS update immediately, or let Windows Update do it for you
Exposure: Microsoft's Internet Information Services …
Eleven Windows Bulletins Patch 23 Security Vulnerabilities
Bulletins Affect SMB Server, XML Core Services, the Kernel, and More
Severity: High
Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it (one flaw also affects Microsoft Silverlight)
How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, or enticing your users to …