13 matches found
Microsoft Plans to Disable SSLv3 in IE, All Online Services
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...
Microsoft Warns of Targeted Attacks on Windows 0-Day
Microsoft is warning users about targeted attacks against a new vulnerability in several versions of Windows and Office that could allow an attacker to take over a user’s machine. The bug, which is not yet patched, is being used as part of targeted attacks with malicious email attachments, mainly...
Internet Explorer zero-day exploit used watering hole attacks to target Japanese users
Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft's Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...
Internet Explorer zero-day exploit used watering hole attacks to target Japanese users
Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft’s Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...
IE Zero Day Used in Targeted Attacks Against Japanese Firms
Attackers exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser have compromised several popular local Japanese media outlets and have infected systems belonging to government, high tech and manufacturing organizations in Japan. Researchers at FireEye said the attacks appea...
Microsoft FixIt Tool Blocks Java Attacks in IE
Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in...
Microsoft Issues FixIt For XML Flaw
With attackers already exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft has issued a FixIt tool for the bug that it is encouraging users to install as they prepare a full patch for the flaw. The vulnerability is a critical one, and, because it’s prese...
Microsoft Releases Workaround For Kernel Flaw Used By Duqu
Microsoft has released a workaround for the Windows kernel zero-day vulnerability exploited by the Duqu malware, and said that it is working on a permanent patch, but didn’t specify a timeline for its release. The vulnerability is a serious one that can lead to remote code execution on vulnerable...
Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version
Microsoft has relased a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...
Microsoft Warns of MHTML Bug in Windows
Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008. Microsoft...
Microsoft Releases FixIt Tool for LNK Flaw
Microsoft has released a FixIt tool for the unpatched LNK Windows shell vulnerability and also has updated its guidance on how to deal with the flaw. The company also said it is continuing to work on developing a patch for the vulnerability. The FixIt tool that Microsoft published Tuesday mitigat...
Microsoft Acknowledges IE7 Flaw
Microsoft has acknowledged a new unpatched vulnerability in Internet Explorer 6 and 7, and said that the company is investigating methods for fixing the flaw. The company said that although there is public exploit code available for the vulnerability, it has not seen any evidence of ongoing attac...
How to Protect Against the MSVidCtl Vulnerability
The ongoing exploitation of the vulnerability in an ActiveX control used by Internet Explorer has created a dangerous situation, as there is no patch yet for the MSVidCtl.dll vulnerability. However, there are several steps you can take to protect yourself against attacks. Microsoft has released a...