If you're anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later. Today, Microsoft released seven security bulletins fixing at least 11 vulnerabilities in many of their … [Read more...]
Four Updates Repair Office and Server Software Vulnerabilities
Severity: High Summary: These vulnerabilities affect: Microsoft Office related products, including Word, Works, Sharepoint, InfoPack, Communicator, Lync, Groove, and more How an attacker exploits them: Multiple vectors of attack, including enticing users to click specially crafted links, or to open specially crafted documents Impact: In the worst case, an attacker can gain … [Read more...]
Word, Visio, and Excel Suffer from Document Handling Vulnerabilities
Severity: High Summary: These vulnerabilities affect: Most current versions of Microsoft Office for Windows and Mac, and related products like Visio Viewer and the Office Compatibility Packs How an attacker exploits them: Typically, by enticing you to open maliciously crafted Office documents Impact: An attacker can execute code, potentially gaining complete control of your … [Read more...]
Microsoft Black Tuesday: May Brings Windows, Office and .NET Patches
Microsoft has offered its May security updates to the masses. As expected, the theme this month seems to revolve around Office document parsing vulnerabilities. If you use Office in your network, you will want to apply these updates as soon as possible. In their May security bulletin summary, Microsoft highlights seven security bulletins that fix 23 vulnerabilities in four … [Read more...]
Another Month, Another Zero Day Flash Vulnerability
According to an Adobe security advisory, Flash Player suffers from a zero day vulnerability, which attackers are currently leveraging in the wild to execute malicious code on victim computers. It seems like just last month I described this exact same zero day Adobe Flash vulnerability.... oh, wait. That's because I did! Ok, fine. They aren't technically exactly the same, but … [Read more...]