322 matches found
Internet Explorer cross-domain policy bypass
Overview Internet Explorer contains a flaw that may allow an attacker to bypass cross-domain policies. Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a...
Ali security research labs: IIS server vulnerability analysis - vulnerability warning - the black bar safety net
4 on 1 to 5 November, on Microsoft's patch day, Microsoft released several high-risk vulnerabilities; one of them, MS15-034, has the widest impact: it can cause the IIS server to blue-screen and crash and, in special circumstances, lead to information disclosure. Alibaba security research...
Patched Windows Machines Exposed to Stuxnet LNK Flaw All Along
A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability CVE-2015-0096. It is unknown...
JasBug vulnerability, hidden for 15 years, affects all versions of Windows - vulnerability warning - the black bar safety net
A few days ago Microsoft released a critical patch to fix a vulnerability that had existed for as long as 15 years. An attacker who exploits the vulnerability can remotely hijack the user's computer, regardless of which version of Windows the computer is running. This serious...
Bypassing Windows Security by modifying 1 Bit Only
Among several vulnerabilities, Microsoft on Tuesday patched a critical vulnerability that could be exploited by hackers to bypass security measures on all versions of Windows operating systems from XP to Windows 10, just by modifying a single bit. The local privilege escalation vulnerability...
Podcast Discussing WordPress Security, Anti-Surveillance
Dennis Fisher and Mike Mimoso talk about the news from the past week, including the out-of-band Microsoft patch, the compromised Joomla and WordPress plug-in attack campaign and the Detekt anti-surveillance tool. Download: digitalunderground172.mp3 Music by Chris Gonsalves...
CVE-2014-1772 – Internet Explorer Use After Free vulnerability detailed analysis - vulnerability warning - the black bar safety net
http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-of-cve-2014-1772-an-internet-explorer-use-after-free-vulnerability/ Translated from TrendLabs. We often see a wide variety of vulnerabilities, from the use-after-free...
Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO
Once again a Russian cyber espionage group has gained media attention by exploiting a zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over...
September 2014 Microsoft Patch Tuesday advance notification
Microsoft today announced a relatively light load of patches will be delivered on Patch Tuesday next week, along with some numbers that demonstrate public vulnerability disclosures continue to rise. Four security bulletins, one rated critical, are scheduled to be released next Tuesday. In what’s...
Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function RtlDosPathNameToNtPathNameU and may be exploited through other...
Microsoft Windows Media Services 4.0/4.1 DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1282/info Windows Media Encoder is part of Windows Media Services. Its purpose is to convert content into a suitable format for video or audio streaming through the Media Services. If a specially malformed request is sen...
MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/5586/info The Microsoft Word and Excel INCLUDETEXT Field Code may be used to insert an arbitrary local file into a document. The INCLUDETEXT Field Code is reported to, under some circumstances, present a security threat. ...
February 2014 Microsoft Patch Tuesday Security Bulletins
The expected continued respite from deploying Internet Explorer patches was apparently a mirage as Microsoft changed course from last Thursday’s advance notification and added two more bulletins to the February 2014 Patch Tuesday security updates, including the first IE rollup of 2014. IE had...
MS13-071: Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
The version of Windows on the remote host is affected by a code execution vulnerability due to a flaw in the handling of specially crafted Windows theme files. An attacker could exploit this issue to execute arbitrary code by enticing a user to apply a specially crafted Windows theme.
Faulty Microsoft Exchange Server 2013 Patch Pulled Back
Microsoft announced Wednesday afternoon that it has pulled MS13-061, one of the patches issued yesterday for vulnerabilities in Exchange Server 2013. Microsoft said the patch is causing issues with the content index for mailbox databases. Organizations would still be able to send and receive emai...
Attackers Targeting MS13-055 IE Vulnerability
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that’s being used is capable of bypassing both ASLR and DEP...
MS13-048: Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
The remote host contains a flaw in the way the Windows kernel handles certain page fault system calls. Successful exploitation could allow disclosure of kernel memory, which could aid in further attacks.
Adobe Reader X vulnerable to sandbox bypass
Overview Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary...
MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
The version of Windows Essentials 2011 or 2012 installed on the remote host has an information disclosure vulnerability. Windows Writer, part of Windows Essentials, fails to properly handle specially crafted URLs. A remote attacker could exploit this by tricking a user into opening a maliciously...
Metasploit Module Released for Patched Honeywell ICS Vulnerability
Metasploit today released an exploit module for a serious vulnerability in Honeywell industrial control system software used to manage everything from HVAC and building access systems, to energy and facilities management processes. The vulnerability was reported by Rapid7 researcher Juan Vazquez ...