UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[…]
Browsing Tag: Microsoft
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[…]
Researchers at Cisco spotted a recent malvertising campaign where victims were redirected by ads on the AppNexus network to sites hosting the Angler Exploit Kit and exploits against Silverlight vulnerabilities.
Microsoft issued advisories informing users they can now disable RC4 in .NET, in addition to additional credential protection for Windows and that it had revoked digital signatures for four UEFI modules.
Microsoft pushed its largest batch of Patch Tuesday updates so far this year today – eight bulletins, two critical – addressing important 13 issues in Internet Explorer and Sharepoint Server, along with Windows, Office and its .NET Framework.
Microsoft will patch Internet Explorer again one week after an out-of-band patch for a zero-day vulnerability in the browser.
Microsoft’s latest Security Intelligence Report identifies two malware families, Rotbrow and Brantall, previously thought to be benign that have been dropping the Sefnit botnet.
Microsoft released an out-of-band emergency security update for a zero day in Internet Explorer. The patch is available to unsupported Windows XP machines as well.
Researchers used crash reports sent via Windows Error Reporting to uncover two components likely being exploited by the latest Internet Explorer zero day vulnerability.
There’s a new zero-day vulnerability in many of the current versions of Internet Explorer and is being used in active attacks right now.