Internet Explorer vulnerability exposed by Google Researcher used in targeted attacks

Google and Microsoft are at each other's throats again. In a recent statement, Microsoft says hackers have been actively exploiting a vulnerability that was publicly disclosed by a Google researcher, Tavis Ormandy. Microsoft addressed the vulnerability in its monthly "Patch Tuesday" package of...

TrueType Font Flaws in July 2013 Microsoft Patch Tuesday

Going all the way back to the Duqu attacks, font-parsing vulnerabilities and exploits have been symptomatic of some high-end espionage attacks targeting the Windows kernel. As a result, with hackers paying more attention to the core of the Windows OS, this year Microsoft has had to address a numb...

July 2013 Microsoft Patch Tuesday Security Updates

A critical Windows kernel vulnerability, publicly disclosed in May by a Google security engineer, will be patched tomorrow when Microsoft releases its July Patch Tuesday security updates. Tavis Ormandy, who has controversially disclosed Windows vulnerability details in the past, made a posting to...

Microsoft to patch Six critical Remote Code Execution vulnerabilities this Tuesday

Microsoft has announced Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities. Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will app...

Microsoft June 2013 Patch Tuesday updates IE Again

Microsoft took advantage today of its lightest batch of Patch Tuesday security updates this year to release an update to its certificate handling infrastructure. Meanwhile, administrators looking for a patch for a recently disclosed vulnerability by Google engineer Tavis Ormandy will have to wait...

Microsoft Patches IE Zero Day Used In Watering Hole Attack

Microsoft wasted no time today delivering a patch for the Internet Explorer 8 vulnerability being exploited in watering hole attacks carried out against the U.S. Department of Labor website and nine others worldwide. Today’s Patch Tuesday security updates also include a fix for IE vulnerabilities...

Microsoft Patch Tuesday to fix critical IE8 zero-day flaw

This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two critical zero-day flaws relating to Internet Explorer recently discovered that has been used to attack several high-profile targets. Internet Explorer 6, 7, 8, 9 and 10 are the recipients of a patch tha...

Adobe Patches Security Vulnerabilities in Reader and Acrobat

Adobe is set to push security updates for various versions of its Acrobat and Reader software packages, in tandem with Microsoft, in the May edition of Patch Tuesday. According to the Adobe Product Security Incident Response Team, each of the updates in this month’s patch are considered serious,...

Microsoft Patch Zero Day Used to Attack Deptartment of Labor

Microsoft will ship 10 bulletins in the May edition of Patch Tuesday. The company considers just two of the patches critical, one of which supplements the currently available “Fix it” tool that resolved the IE zero-day vulnerability exploited recently in a watering-hole attack targeting the U.S...

Microsoft: Uninstall Faulty Patch Tuesday Security Update

Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen. Microsoft recommends users uninstall the patch, which is also causing compatibility with some endpoint security software. “We’ve...

Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates

UPDATE – In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago. The popular hacker contest attracted researchers from all over who were targeting all the...

Microsoft Expected to Patch Pwn2Own IE Vulnerabilities

Appropriately enough for the start of the baseball season, Microsoft is going to go 4-for-4 and release another set of critical Internet Explorer patches on Tuesday, the fourth consecutive month in which serious vulnerabilities in the browser are being addressed in Microsoft’s Patch Tuesday month...

It's Patch Tuesday, Microsoft rolling out Critical security updates

It's Microsoft Patch Tuesday, and time of the month in which we gather round, hold hands, and see just how much of Microsoft's software needs patching. Prepare your systems, Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system OS, some Office...

Metasploit Module Released for Patched Honeywell ICS Vulnerability

Metasploit today released an exploit module for a serious vulnerability in Honeywell industrial control system software used to manage everything from HVAC and building access systems, to energy and facilities management processes. The vulnerability was reported by Rapid7 researcher Juan Vazquez ...

It's Patch Tuesday, Microsoft rolling out Critical security updates

It's Microsoft Patch Tuesday, and time of the month in which we gather round, hold hands, and see just how much of Microsoft’s software needs patching. Prepare your systems, Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system OS, some Office...

Microsoft to Ship 7 Bulletins in March Patch Tuesday Release

Software giant Microsoft plans to ship seven bulletins in the March 2013 edition of Patch Tuesday. Four of the bulletins are receiving high-severity, critical ratings. Three of the four critically rated bulletins that affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server...

Deja Vu: Another Adobe Flash Player Security Update Released

What’s better than one Flash Player update a week? Why two, of course. Adobe released its regularly scheduled security updates today, including another set of fixes for its ubiquitous Flash Player, less than a week after an emergency patch took care of two zero-day vulnerabilities being exploited...

Microsoft's Patch Tuesday fully loaded with patch for 57 security flaws

Microsoft next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch...

Microsoft's Patch Tuesday fully loaded with patch for 57 security flaws

Microsoft next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch...

Microsoft Announces Five Critical February Patch Tuesday Updates Coming Next Week

Microsoft announced yesterday it will ship 12 bulletins addressing 57 vulnerabilities in the February 2013 Patch Tuesday release of security updates. Five of the updates, which Microsoft will release Tuesday, received “critical” ratings while the remaining seven are considered “important.” If...