Ten Years Later, Rethinking Microsoft's Vuln Ratings

Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the Ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be...

After A Decade, Time To Rethink Microsoft's Vulnerability Ratings?

Security Experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerability, the company says its original definitions of what makes a software hole important sti...

MS Patch Tuesday Heads-Up: 17 Bulletins, 40 Vulnerabilities

Microsoft is planning another massive Patch Tuesday this month: 17 bulletins with fixes for 40 security vulnerabilities. The December batch of patches will cover security holes in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange, according to an advance notice posted Thursday...

Inside Patch Tuesday at the Microsoft Security Response Center

In this video, Dustin Childs of the Microsoft Security Response Center gives an inside look at what it’s like in Redmond on Patch Tuesday and what goes into the efforts that Microsoft makes to get fixes out every month. View the video at Microsoft’s Security TechCenter...

Oracle Plans Monster Patch Tuesday Release

Oracle will join Microsoft on next week’s Patch Tuesday freight train and it will be another mega-release. The database server giant says in a pre-release announcement that it will patch a whopping 81 vulnerabilities, some serious enough to be remotely exploitable without authentication over a...

This Week In Security: Stuxnet Redux, Gmail Security and a Monster Patch Tuesday

The Stuxnet buzz continued this week, Adobe took a few steps toward better security and Microsoft announced plans for its largest Patch Tuesday ever. But it wasn’t just Microsoft, Adobe and everyone’s favorite worm grabbing headlines. Read on for the full week in review. Not going away anytime...

Microsoft Plans Record-Breaking Patch Tuesday

This month’s batch of security patches from Microsoft will be a record-breaking one: 16 bulletins addressing a whopping 49 security vulnerabilities. According to the company’s advance notice, four of the 16 bulletins will be rated “critical,” Microsoft’s highest severity rating. Microsoft rates a...

(CORE-2010-0701) Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability 1. Advisory Information Title: Adobe Acrobat Reader Acrord32.dll Use After Free Vulnerability Advisory Id:...

Microsoft plugs Eleven Vulnerabilities with Patch Tuesday Update

Microsoft issued nine security bulletins on Tuesday, fixing eleven vulnerabilities in products ranging from Windows, to Microsoft Office, to Internet Information Services. The patch release, part of the company’s monthly Patch Tuesday release included a fix for a previously undisclosed...

Microsoft to Patch 13 Security Holes in Windows, Office

Microsoft’s September batch of security patches will include fixes for 13 documented vulnerabilities affecting Windows, Internet Information Services IIS, and Microsoft Office. According to the company’s advance notification for this month’s Patch Tuesday, there will be a total of 9 bulletins fou...

Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS

This module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows prior to the August 2010 Patch Tuesday. To trigger this bug, you must be able to access a share with at least read privileges. That generally means you will need authentication. However, if a...

Inside Microsoft's August Patch Tuesday

Microsoft has released their planned 14 bulletins fixing 34 vulnerabilities today. There are four bulletins that administrators should look at patching as soon as possible. MS10-052 and MS10-055 both affect media files and are rated as Critical. Opening a malicious media file can lead to remote...

MS Patch Tuesday: Critical IE, Office Patches Coming

Microsoft is planning a very busy Patch Tuesday this month: 14 bulletins with patches for 34 vulnerabilities in Windows, Microsoft Office, Internet Explorer, SQL and Silverlight. According to Microsoft’s advance notice for the August batch of patches, eight of the bulletins carry a “critical”...

Microsoft Releases FixIt Tool for LNK Flaw

Microsoft has released a FixIt tool for the unpatched LNK Windows shell vulnerability and also has updated its guidance on how to deal with the flaw. The company also said it is continuing to work on developing a patch for the vulnerability. The FixIt tool that Microsoft published Tuesday mitigat...

Microsoft: 25,000 Computers Attacked With Latest Windows Zero Day

The Windows Help and Support Center vulnerability that was patched with yesterday’s MS10-042 bulletin was under active attack by malware miscreants, especially in Europe where Microsoft tracked about 25,000 attempts to exploit the vulnerability. According to Microsoft’s Holly Stewart, the attacks...

Patch Tuesday: Microsoft Kills Pwn2Own Browser Bug

The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities. Three of the bulletins are rated “critical” because of the risk of remote code execution attacks. Affected products include the Windows...

MS Patch Tuesday Heads-up: 10 Bulletins, 34 Vulnerabilities

Microsoft’s Patch Tuesday this month will be a big one: 10 bulletins fixing 34 vulnerabilities in Windows, Office and Internet Explorer. Three of the 10 bulletins will be rated “critical,” Microsoft’s highest severity rating. The flaws addressed in those bulletins typically expose users to remote...

Adobe Releases Quarterly Patches, Enables Auto Updater

Adobe on Tuesday released its quarterly load of patches, including an update for Adobe Reader that fixes several critical vulnerabilities. The company also used the opportunity to enable the new automatic updater in both Reader and Acrobat. The vulnerabilities in Reader could give an attacker the...

On the Latest iPhone Attack, Patch Tuesday and More Fallout from Google

Dennis Fisher and Ryan Naraine discuss the latest iPhone attack, the upcoming Patch Tuesday and the never-ending fallout from the Google attack. SHOW NOTES iPhones Vulnerable to New Remote Attack Microsoft to Patch 26 Windows, Office Vulnerabilities Google Attack Was Tip of the Iceberg Subscribe ...

Microsoft Plans Quiet January Patch Tuesday

Microsoft’s first Patch Tuesday for 2010 will be very light: A solitary bulletin addressing a vulnerability that is rated critical only for Windows 2000 users. According to Redmond’s advance notice for the next batch of patches due on January 12, the bulletin is rated “low” for every other affect...