Browsing Tag: Microsoft

Categories: Malware

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.

Read more...

Categories: Malware

By Sergey Golovanov
Here are some technical details on the Outlook Web Access phishing scheme.
1. The Spam
According to our preliminary research, the spam emails which attacked OWA users, including Kaspersky, were sent using the pushdo botnet – which is based on malware from the Backdoor.Win32.NewRes family. These Trojans spread via spam, social networks (in conjunction with the Koobface family) and through hacked websites.

Read more...

Categories: Vulnerabilities

Since moving to a monthly schedule in October 2003, Microsoft has released about 400 security bulletins based on an informal count of releases in its bulletin archives. The bulletins address about 745 vulnerabilities across almost every Microsoft product.
About 230, or more than half of the bulletins, addressed security vulnerabilities that were described by Microsoft as “critical.” This definition is what Microsoft typically uses for vulnerabilities that allow attackers to take full administrative control of a system from a remote location. Read the full story [Jaikumar Vijayan/Computerworld]

Read more...

Categories: Vulnerabilities

Computerworld’s Gregg Keizer brings word that this week’s record-setting batch of patches from Microsoft actually closed the book on the vexing ATL code library issues that first surfaced in July 2009.
Keizer quotes Ryan Smith, one of the hackers credited with discovering the flaw, as saying that the latest Microsoft Office updates shut the door on the last big attack vector for the ATL vulnerability.  Read the full story [computerworld.com]

Read more...

Categories: Vulnerabilities

Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.
The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.

Read more...

Categories: Vulnerabilities

Microsoft is planning a bumper Patch Tuesday next week — 13 bulletins covering 34 security vulnerabilities in a wide range of products. Eight of the 13 bulletins will be rated “critical,” Microsoft’s highest severity rating.

According to Microsoft’s advance notice, the patches coming on October 13 includes fixes for two serious issues that are well-known and already documented — a code execution bug in SMB v2 and a gaping hole in FTP in IIS.

Read more...

Categories: Social Engineering

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.  Read the full story [Kim Zetter/Wired Threat Level]  More from Dancho Danchev [zdnet.com]

Read more...

Categories: Social Engineering

If you use Microsoft’s free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend. 
In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme.  Read the full story [washingtonpost.com]

Read more...

Categories: Vulnerabilities

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.
The Google Chrome Frame, which is presented as a  seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today.

Read more...

Categories: Compliance

Less than a week after a malicious advertising attack against the New York Times ad servers, Microsoft filed five civil lawsuits against companies allegedly using online advertising to serve malware.
The lawsuits allege that individuals using the business names “Soft Solutions,” “Direct Ad,” “qiweroqw.com,” “ITmeter INC.” and “ote2008.info” used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users.

Read more...