Microsoft Updates August 2013

Today, Microsoft released a set of eight security Bulletins (MS13-059 through MS13-066) for a broad variety of vulnerable technologies and exploit categories. The critical vulnerabilities are not known to be exploited publicly at the time of Bulletin release. The more interesting Bulletins… Read Full Article

March 2013 Microsoft Security Bulletins – Low Impact from Pwn2Own, Watch USB Drives for Another Stuxnet

Microsoft releases nine March Security Bulletins. Four of the Bulletins are rated critical, but of the 20 vulnerabilities being patched, 12 are rated critical and enable remote code execution and elevation of privilege. Microsoft software being patched with critical priority include Internet Explorer, Silverlight, Visio Viewer, and SharePoint. So, pretty much every consumer running Windows, and lots of Microsoft shops, should be diligently patching systems today.

Read Full Article

no-image

December 2012 Microsoft Security Bulletins – IE, MSWord, Font Parsing, and More

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at least 11 vulnerabilities, accurately described in the Advanced notification for this month. The MSRC recommends that their Internet Explorer (MS12-077) and Microsoft Word (MS12-079) updates are addressed asap. Read Full Article

The Current Web-Delivered Java 0day

The Java 0day that we have been monitoring and preventing for the past week has been irresponsbily reported on other blogs, with early links to known sites serving the 0day. In itself, the race to publish on this 0day that will be assigned CVE-2012-4681, a problem with processing access control within “protection domains” is irresponsible. Would you encourage folks to walk down a mugger’s dark alley with no protection or would you work to communicate the muggers’ whereabouts to the right folks and work on lighting the alley or giving better directions? Would you provide that mugger with some new weapons that they haven’t considered? The efforts this time around seem misplaced.

Read Full Article