exploits


Last month, I blogged about Microsoft's monthly Patch Tuesday updates and how it spelled the end for Windows XP. Of course, as many speculated... it wasn't quite the end of the road for XP updates. A critical flaw found in Internet Explorer being actively used in the wild was worrisome enough to Microsoft that they pushed an IE update to include Windows XP users. You can read more about that bug, how it works, and what was done here. Personally, this author wasn't surprised it happened that way - as many sites reported, there are plenty of... [Read More]
by RSS Richard Henderson  |  May 12, 2014  |  Filed in: Industry Trends & News
This month we have patches from Adobe, Microsoft and Oracle launching today: Microsoft Microsoft published their monthly advanced notification for critical and important patches, and this month there are four patches: MS14-001 - Rated Important - affects Microsoft Office and Microsoft Server Software: may allow remote code execution. Patch may require a reboot. MS14-002 - Rated Important - affects Windows: may allow elevation of privilege. Patch requires a reboot. MS14-003 - Rated Important - affects Windows: may allow elevation of privilege.... [Read More]
by RSS Richard Henderson  |  Jan 14, 2014  |  Filed in: Industry Trends & News
Razvan Benchea and Dragos Gavrilut in the middle of their presentation I am very happy to have been at VB 2013 once again. The talks were quite interesting. If you were not able to attend, here's the write-up of some presentations I went to. This post is the first in a three part series. Click here for Part 2 and here for Part 3 Andrew Lee - Ethics and the AV industry in the age of WikiLeaks (Keynote) Andrew showed that surveillance programs were not new (the FISA Act dates back to 1978) and that they exist in numerous countries (not only the... [Read More]
by RSS Axelle Apvrille  |  Oct 10, 2013  |  Filed in: Security Research
With February's Threat Landscape Report out, it's time to highlight some of the most interesting movement happening from late January 2009 to now: New vulnerabilities (NVC) were up nearly three fold, with 117 posted in comparison to 43 from January's edition; 25.6% of these new vulnerabilities were detected to be actively exploited. Two new high-profile zero-day exploits (CVE-2009-0238 and CVE-2009-0658) affecting MS Excel (XLS) and Adobe Reader (PDF) have since been disclosed. Given these facts, and Conficker's success, there is no better time... [Read More]
by RSS Derek Manky  |  Feb 27, 2009  |  Filed in: Security Research