Critical Vulnerability Fixed in Chrome 23

It’s Patch Tuesday, and not just for Microsoft and Adobe. Google also patched a number of security vulnerabilities in its Chrome browser today, including one critical flaw and three high-severity ones. The most serious vulnerability that Google fixed in Chrome 23 is a crash in the browser’s histo...

Microsoft to Fix Critical Word Flaw in October Patch Tuesday

Microsoft will release seven bulletins in the October Patch Tuesday next week, fixing 20 total vulnerabilities in Windows, Office, Lync and SQL Server. Only one of the bulletins is rated critical, while the six others are rated important. The one critical bulletin affects Microsoft Office 2003,...

Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come

Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band...

Microsoft Ships Two Bulletins in September Security Update

The Microsoft security team shipped just two bulletins – resolving as many holes – in the September, 2012 edition of Patch Tuesday. The patches will supply fixes for two ‘important’ rated bugs, one in Microsoft Developer Tools and the other in Micrososft Server Software. If unpatched, both could...

Google engineers Warn Of Serious Unpatched Adobe Reader Flaws

Adobe has missed dozens of vulnerabilities in Reader in this week's Patch Tuesday run according to Google engineers who reported the flaws. Sixteen vulnerabilities still affected the Windows and Mac OS X versions, while 31 critical and "trivially exploitable" bugs were found in the Linux...

Three Critical Fixes in July Microsoft Patch Tuesday

Microsoft issued nine bulletins fixing 16 vulnerabilities in the July 2012 edition of Patch Tuesday. Three of the bulletins received Microsoft’s most severe ‘critical’ rating, while the remaining six were deemed merely ‘important.’ First and foremost among the critical patches is MS12-043, a fix...

Microsoft Plans To Fix 16 Vulnerabilities With July Patch Release

Microsoft has announced it will issue nine bulletins for its July Patch Tuesday release next week. Included in the update are three critical patches for security holes that, if left unaddressed, could result in remote code execution on vulnerable systems. In all, the Redmond, Washington company...

Seven Bulletins in Microsoft's June Patch

In the June 2012 edition of Patch Tuesday, Microsoft shipped seven security bulletins, of which, only three were deemed worthy of a critical rating. This month’s critical fixes are all remote code execution vulnerabilities in Windows, Internet Explorer, and the .NET framework. The first, MS12-036...

Microsoft to Fix 28 Vulnerabilities in June Patch Tuesday

Microsoft has been busy of late, what with the scramble surrounding the Flame malware and the forged certificate that the attackers were able to use to spread the malware via a fake Windows Update service. Now, the company is planning to release seven bulletins next Tuesday covering 28...

Microsoft Adopts CVRF Format for Security Bulletins

Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there’s a effort underway, called the...

Patch Tuesday Advance Notification: May Edition

Microsoft announced today that they will be shipping three critical and five important bulletins in the May edition of patch Tuesday. All of the ‘critical’ bulletins and two of the ‘important’ bulletins fix vulnerabilities that could otherwise lead to remote code execution. The two remaining...

Ryan Naraine on Exploit Mitigations and the MS12-020 RDP Bug

Dennis Fisher talks with Ryan Naraine about whether exploit mitigations such as ASLR and DEP really make any difference in preventing browser attacks and the seriousness of the MS12-020 RDP vulnerability that was patched during March’s Patch Tuesday release. Podcast audio courtesy of sykboy65...

Microsoft, Security Experts Warn 'Wormable' RDP Exploit Will Come Sooner Than Later

As a follow-up to its usual Patch Tuesday release this week, officials at Microsoft are warning users that an exploit against the recently disclosed Remote Desktop Protocol RDP vulnerability for Windows is likely to come in the next 30 days. According to a supplementary entry on its Security...

Mozilla Releases Firefox 11, Fixes Pwn2Own Bug

Mozilla has released Firefox 11 and acknowledged that the security vulnerability that a pair of researchers used in the Pwn2Own contest last week was one that the company already was aware of and working on repairing. The bug that researchers Willem Pinckaers and Vincenzo Iozzo used to compromise...

Microsoft Fixes Critical RDP Vulnerability with March Patch Tuesday

Microsoft rolled out six patches addressing seven vulnerabilities on Tuesday, including a critical hole in Windows’ Remote Desktop Protocol RDP – the same component exploited by the Morto worm in August. The March edition of their monthly Patch Tuesday release included a critical bulletin MS12-02...

Microsoft Fixes Critical IE, Windows Bugs with February Patch Tuesday

Microsoft released nine security updates Tuesday, four critical; five important, fixing 21 different holes in various applications with its February patch release. The four critical fixes deal with vulnerabilities in the company’s Windows, Internet Explorer, .NET Framework and Silverlight program...

Microsoft Plans Nine Bulletins, Four Critical for February Patch Tuesday

Microsoft will issue nine security updates, four critical, for Patch Tuesday next week, fixing 21 different vulnerabilities in Windows, Internet Explorer, .NET, Silverlight and Office. Seven of the nine may lead to remote code execution, while the other two may lead to elevation of privilege,...

Microsoft Fixes BEAST SSL Bug in January Patch Tuesday

Microsoft on Tuesday patched the vulnerability in Windows that was exploited by the BEAST SSL attack tool developed by Juliano Rizzo and Thai Duong last year. The patch is one of several rated important that was issued by Microsoft in January’s Patch Tuesday release, and there also was a critical...

Next Microsoft Patch Tuesday include BEAST SSL fix

Next Microsoft Patch Tuesday include BEAST SSL fix Microsoft's first batch of patches for 2012 will include fixes for security vulnerabilities in the Windows operating system and Microsoft Developer Tools and Software. The patches will be released next Tuesday Jan 10, 2012 at approximately 1:00 P...

Microsoft to Issue Seven Bulletins, One Critical, on Patch Tuesday

Microsoft plans to issue seven security bulletins in the January Patch Tuesday release next week, fixing six vulnerabilities rated important and one rated critical. The bugs affect a variety of products, including Windows XP, Vista, Windows 7, Server 2003 and 2008 and Microsoft Developer Tools an...