Vulnerabilities


Slideshow: Scenes from SAS 2012

VIEW SLIDESHOW Scenes from SAS 2012At Kaspersky Lab’s Security Analyst Summit last week, over 100 researchers and law enforcement officials converged in Cancun, Mexico over the course of five days to network and discuss a veritable cornucopia of security topics. Topics such as privacy, SCADA and PLC security, tracking cybercriminals and the evolution of malware were discussed in depth.

Microsoft Fixes Critical IE, Windows Bugs with February Patch Tuesday

Microsoft released nine security updates Tuesday, four critical; five important, fixing 21 different holes in various applications with its February patch release. The four critical fixes deal with vulnerabilities in the company’s Windows, Internet Explorer, .NET Framework and Silverlight programs that could allow remote code execution if left unpatched.


Security researchers made good on a promise to release new exploits for programmable logic controllers (PLCs). The exploits include one targeting a flaw in the implementation of the EtherNet/IP (Industrial Protocol) used in many IP-enabled PLCs. The security hole, if left unaddressed, could enable a remote attacker to crash or unexpectedly reboot the devices, which are critical components of almost every industrial – and critical infrastructure installation.

There is another new version of Mozilla Firefox available, and version 10.0.1 includes a fix for a critical security vulnerability in the browser. The flaw is a serious use-after-free flaw in a component of the browser that also exists in Thunderbird, SeaMonkey and other Mozilla products.