Browsing Category: Microsoft

Researchers Ponder When to Notify Users of Public Vulnerability Exploits

Categories: Microsoft, Vulnerabilities

Regardless of which sect or splinter cell you belong to in the disclosure debate, for most people it all comes down to finding the most effective way to get a fix published and in the hands of users as quickly as possible. But the lines get a little blurry when the discussion veers into the appropriate moment to tell the public that a given vulnerability is being actively exploited.

Read more...

Microsoft Warns of New IE Zero Day, Exploit in the Wild

Categories: Microsoft, Web Security

Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there’s no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it.

Read more...

Jumping Out of IE’s Sandbox With One Click

Categories: Microsoft

Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security[...]

Read more...