seguridad windows

Microsoft Warns of Attacks Against ASP.NET Flaw

Microsoft is warning customers that it has seen ongoing attacks against the recently disclosed padding oracle vulnerability in ASP.NET and is encouraging them to implement a workaround that will help protect against the publicly disclosed exploit for the bug.

DLL Hijacking Exploit Code Posted for PowerPoint, Other Apps

A day after Microsoft released information on the remotely exploitable DLL-hijacking vulnerability that affects dozens of Windows applications, researchers are starting to discover exactly which pieces of software are vulnerable. The list so far includes PowerPoint, Wireshark and some applications that are included by default with Windows Vista, and possibly Windows 7.

Microsoft has released a FixIt tool for the unpatched LNK Windows shell vulnerability and also has updated its guidance on how to deal with the flaw. The company also said it is continuing to work on developing a patch for the vulnerability.

Microsoft’s problems with Token Kidnapping [.pdf] on the Windows platform aren’t going away anytime soon.

More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7.

A prominent security researcher has released an exploit that uses a new technique to defeat ALSR + DEP on Microsoft’s Windows operating system.

The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms. 

The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts.  The update is rated “critical” but Microsoft says there is a low likelihood of exploitation on its newer operating systems.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.