Browsing Tag: Microsoft

Categories: Vulnerabilities

On May 28, our colleagues at The Microsoft Security Response Center released advisory 971778 which elaborated on a new vulnerability in Microsoft DirectShow effecting Windows 2000, Windows XP and Windows Server 2003. You can obtain more details on how to protect your environment from this vulnerability from the Microsoft SRD blog.
We have been closely monitoring the malware landscape for threats related  to leveraging exploits against this new vulnerability. We subsequently developed and released a generic detection for malformed media files, Exploit:Win32/CVE-2009-1537, based on MAPP information provided to us. Also, we have developed detections for the known malicious web pages, as Exploit:JS/Mult.BM or Trojan:HTML/Redirector.I. Our security products, such as Windows Live OneCare, Microsoft Security Essentials, and Forefront Client Security can block access to these malformed media files with signature definition update version 1.59.798 or higher. Read the full story [Microsoft Malware Protection Center].

Read more...

Categories: Web Security

From InfoWorld (Roger Grimes)
Talk about a turnaround. It’s always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world’s most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft. Read the full story [InfoWorld.com].

Read more...

Categories: Vulnerabilities

Adobe has issued its first ever scheduled quarterly update for its Reader/Acrobat product line, a bumber patch to cover 13 serious security vulnerabilities.
The patches, which follow Microsoft’s release of fixes for 31 Windows, IE and Office flaws, address “critical vulnerabilities” in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions.  “These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system,” Adobe warned in an advisory.

Read more...