Today's Patch Day is the largest so far for 2013, with Microsoft releasing 13 security bulletins. While it doesn't break any records (that Patch Day was probably the 17 bulletin one in April 2011), it's still nothing to sneeze at. Here's today's patch break down. Microsoft's 13 bulletins fix around 47 security vulnerabilities affecting the following products: Internet … [Read more...]
Microsoft Office Updates Fix ActiveX Controls and Outlook
Summary: These vulnerabilities affect: Microsoft Office 2002, 2003, and 2007 (Windows only) or the components that ship with it How an attacker exploits them: Multiple vectors of attack, including enticing your users to a malicious website, or into opening a malicious attachment. Impact: Various results; in the worst case, an attacker can gain complete control of your … [Read more...]
Code Execution Vulnerability in Outlook Express and Windows Mail
Summary: This vulnerability affects: The email client shipping with any current version of Windows (whether it's Outlook Express or Windows Mail) How an attacker exploits it: By enticing one of your users to connect to a malicious POP3 or IMAP email server (or by performing a man-in-the-middle attack) Impact: An attacker can execute malicious code, potentially … [Read more...]