Severity: Medium 8 February, 2011 Summary: This vulnerability affects: Visio 2002, 2003, and 2007 (not 2010) How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document Impact: An attacker can execute code, potentially gaining complete control of your users' computers What to do: Deploy the appropriate Visio patch as soon as … [Read more...]
Microsoft Black Tuesday: A dozen bulletins fix 22 vulnerabilities (but not the zero day MHTML flaw)
As expected, Microsoft posted their first big patch day of 2011 today (the last one was small). Unfortunately, the dozen security updates they released do not fix the unpatched MHTML flaw, which I mentioned in last week's early notification. Even so, the released updates fix many serious flaws. You should start upgrading as soon as you can. According to their Bulletin Summary … [Read more...]
Beware Malicious Publisher and Visio Documents
Summary: These vulnerabilities affect: All current version of Microsoft Office Publisher and Visio How an attacker exploits them: By enticing you to open maliciously crafted Publisher or Visio documents Impact: An attacker can execute code, potentially gaining complete control of your computer What to do: Install the appropriate Office Publisher and Visio patches … [Read more...]