Ryan Naraine

Microsoft to Patch 8 Vulnerabilities in Windows, Office

Microsoft has announced plans to ship two security bulletins next week to fix a total of eight vulnerabilities affecting Windows and Office products. Both bulletins are rated “important” because of the risk of compromising the confidentiality, integrity or availability of user data.

RSA 2010: Microsoft Floats Idea to Quarantine Infected Computers

A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users. The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who would be responsible for monitoring and isolating malware-riddled machines. But he laid out his case for keeping them away from the general populace, comparing such a move to laws that have gone into effect over the past 20 years banning cigarette smoking in public. Read the full story [The Register]


Apple has hired former Microsoft and Mozilla security specialist Window Snyder to help secure its Mac ecosystem. Snyder, who last worked as Mozilla’s security chief, confirmed she is joining Apple as senior product manager for security.

A prominent security researcher has released an exploit that uses a new technique to defeat ASLR + DEP on Microsoft’s Windows operating system.

The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms. 

Over the last two weeks, security researchers have reported eight different zero-day vulnerabilities in Apple’s Safari browser. Details of these vulnerabilities, all rated “high risk,” have been sold to Tippingpoint’s Zero Day Initiative (ZDI), a program that purchases the rights to vulnerability information in exchange for exclusivity to broker fixes with affected vendors.

Microsoft’s security response team is investigating reports of a potentially dangerous code execution vulnerability in its flagship Internet Explorer browser.

The company warned that an attacker could host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.

Despite widespread calls to boycott IE 6 and Microsoft’s plans to retire support for the browser, 19% of respondents in a Virus Bulletin poll said that they are still running the browser, whether at home, at work, or both. In VB’s poll, 15% of respondents said they were running the browser at work, indicating that, for many organizations, upgrading is not a priority. Read the full story [virusbtn.com]

Adobe today shipped a patch for a critical vulnerability in its Download Manager utility, warning that hackers could exploit the issue to take full control of Windows computers. The vulnerability, discovered by Aviv Raff, could potentially allow an attacker to download and install unauthorized software onto a user’s system, Adobe said in an advisory.