Microsoft Pushes Emergency Patch For ASP.NET Flaw

Microsoft has released the emergency out-of-band patch for the ASP.NET padding oracle attack, less than two weeks after a pair of researchers discussed the flaw and a reliable attack against it at a security conference in Argentina. The patch for the ASP.NET bug is only available through...

Microsoft to Release Emergency Patch For ASP.NET Bug

Microsoft on Tuesday will release an emergency out-of-band patch for the ASP.NET padding oracle attack that was disclosed earlier this month. The patch will only be available on the company’s Download Center for the time being, however. The company is taking the step of releasing an emergency fix...

Adobe Plans Emergency PDF Reader Patch

On the heels of a Black Hat conference presentation where researcher Charlie Miller provided details of an exploitable vulnerability in Adobe’s PDF Reader software, the company plans to ship an out-of-band patch to ward off malicious hacker attacks. Miller’s presentation did not include technical...

Microsoft to Issue Emergency Patch for Critical Windows Flaw

Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for...

Java Zero-Day Attacks In The Wild

Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks. Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor...

China Hardest Hit by Latest IE Malware Attacks

Computer users in China and Korea were the hardest hit by the latest wave of zero-day malware attacks targeting a flaw in the Internet Explorer browser, according to data released by the Microsoft Malware Protection Center MMPC. The attacks, first spotted on March 9, included Trojan downloaders a...

Microsoft Readies Emergency IE Patch to Thwart Attacks

In the face of an uptick in hacker attacks targeting a zero-day flaw in its Internet Explorer browser, Microsoft has announced plans to ship an emergency IE patch tomorrow March 30, 2010. The out-of-band update comes exactly 21 days after Microsoft said it was aware of targeted attacks against...

Microsoft: Emergency IE Patch Coming

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser. UPDATE: Here is the official confirmation...

Microsoft Ships Temporary Fix-It for Critical Vista Flaw

With exploit code in circulation and facing a race against time to fix the SMB v2 vulnerability haunting Windows Vista and Windows Server 2008, Microsoft today shipped a one-click “fix-it” workaround to help users avoid malicious hacker attacks. The fix-it package, which was added to Redmond’s...

Researcher Shows Killbit is No Defense on MsVidCtl Flaw

Ryan Smith, one of the researchers who found the bug in the Microsoft MsVidCtl DLL that the vendor is rushing to patch this week, has posted a short video demonstration of a technique that bypasses the stop-gap solution of preventing the vulnerable ActiveX control from loading. In the demo, Smith...

Oracle 2006年10月更新修复多个安全漏洞

Oracle Database是一款商业性质大型数据库系统。 Oracle发布了2006年10月的紧急补丁更新公告，修复了多个Oracle产品中的多个漏洞。这些漏洞影响Oracle产品的所有安全属性，可导致本地和远程的威胁。其中一些漏洞可能需要各种级别的授权，但也有些不需要任何授权。最严重的漏洞可能导致完全入侵数据库系统。目前已知的漏洞包括： 1 以下软件包在处理SQL查询时存在SQL注入漏洞： DBMSXDBZ SDODROPUSERBEFORE MD2 DBMSCDCIMPDP DBMSCDCIPUBLISH DBMSCDCISUBSCRIBE DBMSSQLTUNE...