Microsoft has announced that it plans to release eight patches next week as part of October’s Patch Tuesday release, addressing flaws in its Windows, Internet Explorer, .NET Framework, Office, Server and Silverlight software.
Browsing Category: Microsoft
Regardless of which sect or splinter cell you belong to in the disclosure debate, for most people it all comes down to finding the most effective way to get a fix published and in the hands of users as quickly as possible. But the lines get a little blurry when the discussion veers into the appropriate moment to tell the public that a given vulnerability is being actively exploited.
Guest contributor Andrew Storms reflects on a decade of Patch Tuesday. The Microsoft initiative turns 10 next week.
A Metasploit exploit module has been released for the zero-day vulnerability in Internet Explorer. The flaw has been exploited in attacks against Japanese targets, and expert think the availability of a Metasploit exploit could accelerate attacks.
Microsoft’s latest Law Enforcement Requests Report shows that no requests for Skype user content were made in the first half of 2013.
The latest Internet Explorer zero day is being used in a watering hole attack where local media sites in Japan have been compromised and serving exploits. The targets are government, high tech and manufacturing workers.
Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there’s no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it.
Critical SharePoint patches must be prioritized according to experts commenting on Microsoft’s September 2013 Patch Tuesday security bulletins.
Microsoft is expected to release critical patches for vulnerabilities in Office and SharePoint for its September Patch Tuesday release next week.
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security[...]