Browsing Category: Microsoft

Malware Signed by Adobe Certificate Only Used in Limited Targeted Attacks

Categories: Malware, Microsoft

Adobe’s revocation of a code-signing certificate that had been used by attackers to sign several malicious utilities sparked concerns in the security community about widespread malware attacks using those utilities. The key concern was that most antimalware systems will implicitly trust files that are digitally signed and so would pass them by without flagging them as malicious. However, security researchers say that the utilities, while still circulating, aren’t being used in large-scale attacks.

Hotmail Limits Passwords to 16 Characters

Categories: Microsoft

Passwords, unfortunately, still are the main authentication mechanism on most Web sites, including all of the popular webmail services, such as Hotmail, Gmail and Yahoo Mail. Many sites encourage users to pick complex and long passwords, so it’s surprising to see that Microsoft now has limited Hotmail passwords to no more than 16 characters. Even more surprising, however, is that Hotmail will accept the first 16 characters of an existing, longer password, indicating that the company may have been storing users’ passwords in plaintext.

Microsoft Releases Out-Of-Band IE Zero-Day Patch

Categories: Microsoft, Vulnerabilities

As expected, Microsoft today released a cumulative update for Internet Explorer addressing the zero-day vulnerability in the browser being actively exploited in the wild. Security Update MS 12-063 patches not only the critical remote-execution zero-day, but four other vulnerabilities privately disclosed to Microsoft that are not being exploited.

Microsoft Will Patch IE Zero-Day on Friday; Fixit Available as Stopgap

Categories: Microsoft, Vulnerabilities

Microsoft announced last night it would issue an out-of-band patch on Friday for a zero-day Internet Explorer vulnerability disclosed earlier this week. In the meantime, Microsoft made a FixIt available on Wednesday that would temporarily mitigate the threat posed by active exploits found in the wild. The out-of-band patch will be available by 1 p.m. ET on Friday, said Yunsun Wee, director of Trustworthy Computing for Microsoft.

Researcher Finds Three New Exploits Targeting Latest IE Zero-Day

A researcher at AlienVault has discovered three new servers delivering exploits targeting the latest zero-day vulnerability in Internet Explorer. Jaime Blasco, AlienVault Labs manager, said one of the servers is delivering a new malware payload, and all of them appear to be targeting defense contractors in the United States and India.

Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come

Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band security update to patch the problem, or wait until the next Patch Tuesday update Oct. 9.