The latest Internet Explorer zero day is being used in a watering hole attack where local media sites in Japan have been compromised and serving exploits. The targets are government, high tech and manufacturing workers.
Browsing Category: Microsoft
Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there’s no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it.
Critical SharePoint patches must be prioritized according to experts commenting on Microsoft’s September 2013 Patch Tuesday security bulletins.
Microsoft is expected to release critical patches for vulnerabilities in Office and SharePoint for its September Patch Tuesday release next week.
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security[...]
Old malware tricks never really die, they just get recycled and passed down to the next generation of attackers. The latest technique to get run through the wayback machine is the use of the right-to-left override character in Unicode, a tactic that enables malware authors to hide the real name of a malicious executable or, in a recent case, a registry key.
Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week.
Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server.
Buried in the details of the Microsoft Patch Tuesday release for August is the explanation of an important change that the company made to Windows that defeats a group of exploit mitigation bypasses. The change is a small one, but it prevents dangerous attacks that previously worked on most supported version of Windows.
Microsoft’s August 2013 Patch Tuesday security updates includes patches for critical remote code execution vulnerabilities in a number of products.