vulnerabilities


Windows Bitlocker Open to Attack

An attacker with access to the target computer simply boots from a USB
flash drive and replaces the BitLocker bootloader with a substitute
bootloader which mimics the BitLocker PIN query process but saves the
PINs entered by the user to disk in unencrypted form. Read the full article. [The H Security]

Critical Adobe Flash Patch Coming

Here’s an important security heads-up to all computer users: Adobe plans to ship a critical Flash Player update next Tuesday to fix multiple serious security vulnerabilities.The patches will be released alongside updates from Microsoft and will affect all platforms — Windows, Mac OS X and Linux.

Latest MS Patches Causing Black Screen of Death

The IDG News Service is reporting that Microsoft’s latest round of security patches appears to be causing some PCs to seize up and display a black screen, rendering the computer useless. The problem affects Microsoft products including Windows 7, Vista and XP operating systems.


For years, Adobe Systems has occupied a quiet corner of the personal-computer industry. Photographers and designers use its software to clean up photos and set up Web sites. Workers everywhere trade electronic documents formatted with Adobe’s programs, often without knowing the company behind the software.  Now Adobe is attracting the unwanted attention of hackers — and security experts are concerned the company isn’t doing enough to repel assaults. Read the full story [BusinessWeek] 

A
high-profile online advertising Web site has been hacked and rigged to
serve multiple exploits to Microsoft Windows users surfing the net with
unpatched third party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net,
which is described as a high-profile advertiser on the Internet realm. 
The site has been firing an assortment of exploits for several months,
including exploits for vulnerabilities in Microsoft DirectShow and
Adobe PDF Reader.  Read the full advisory [websense.com]

As
part of its scheduled batch of patches for November, Microsoft today
issued six security bulletins with fixes for a total of 15
vulnerabilities affecting its Windows and Office product lines.

Three of the six bulletins are rated “critical,” meaning they can be
used to launch remote code execution or worm attacks without any user
action.  One of the Windows vulnerabilities could expose users to
drive-by malware attacks via the browser, Microsoft warned.

Microsoft plans to release six security bulletins next Tuesday
November 10 to fix at least 15 serious vulnerabilities that could
expose Windows users to malicious hacker attacks.
According to Microsoft’s advance notice
for this month’s Patch Tuesday, the updates will address gaping holes
in the Windows operating system and the Microsoft Office productivity
suite.  Read the notice from Redmond [microsoft.com]

Sun Microsystems and Research In Motion have issued critical bug fixes for security issues with their products.  Both updates include fixes for critical security bugs that could be abused by attackers to run unauthorized software on a victim’s computer, although none of the flaws appear to have been publicly known before Tuesday. Read the full story [IDG News Service/Robert McMillan]

Windows Vista is dramatically more secure than Windows XP, according Microsoft’s latest Security Intelligence Report. The infection rate of Windows Vista SP1 was 61.9 percent less than Windows XP SP3, the company said.The report covers the first half of 2009 and is the seventh such twice-yearly report the company has issued.  The study found that for all Microsoft operating systems that the most current service pack is always the least infected, based on infections per 1,000 computers running each OS. Windows 7 was not included in the report. Read the full report [Network World]

Microsoft Corp. pours more money into software security than any other
major vendor both because it has to and because it can. Yet for all the
investments in security, the number of vulnerabilities discovered in
the company’s products has increased over the years, prompting
questions over whether the company has reached the limits of its
ability to debug software. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.