A few days after MIcrosoft released a patch to fix a vulnerability in ASP.NET that could enable a denial-of-service attack, someone has released exploit code for the vulnerability.
Browsing Category: Microsoft
Microsoft said in a post on the Technet Web site that it plans to release seven security bulletins on Tuesday, fixing eight security holes in a variety of products. Among them will be a fix for a new class of software vulnerability – the “Security Feature Bypass,” which could be used by attackers to make other exploits more potent, Microsoft said.
Microsoft plans to issue seven security bulletins in the January Patch Tuesday release next week, fixing six vulnerabilities rated important and one rated critical. The bugs affect a variety of products, including Windows XP, Vista, Windows 7, Server 2003 and 2008 and Microsoft Developer Tools and Software.
Recent data shows that the share of Web traffic in the U.S. that’s being viewed on the troubled Internet Explorer Version 6 browser has finally dropped beneath 1%, and nobody is happier about it than parent company, Microsoft, which launched a program to eradicate IE6 back in March, 2011.
It’s that most un-wonderful time of the year: the time when everyone writes fluffy articles full of lists, retrospectives and look-aheads. Even we did it. Many of these lists involve some variation on the theme of most overhyped or least organic or or most awesomest or lowest fat content. This article is not those articles.
An ongoing analysis of the Duqu malware by researchers at Kaspersky Lab finds many links between the two pieces of malicious code and casts doubt on the conventional wisdom about Stuxnet’s origins.
Fake antivirus software, or “scareware” scams have been one of the tried and true methods that crooks have used to make illegal profits online in recent years.
UPDATED Microsoft on Thursday plans to release an emergency out-of-band update to address a vulnerability in ASP.NET that could allow an attacker to consume all of the resources on a vulnerable server with a single specially designed HTTP request. The vulnerability affects a wide range of Web platforms are vulnerable to this attack, and Microsoft officials said they’re releasing the patch now because they’re expecting exploit code to be released in the near future.
Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia.
Peddlers of ransomware are increasing their effectiveness by tailoring region-specific versions of a scam that impersonates local police.