Dennis Fisher and Mike Mimoso talk about all of the patches from Microsoft, Adobe and Oracle, the Flash security saga and the Darkode forum takedown.
Tag Archives: Microsoft
Security Support Ends For Remaining Windows XP Machines
Microsoft ended security support for existing Microsoft Security Essentials customers running Windows XP, a little more than a year after support officially ended
Microsoft Patches Hacking Team Windows Kernel Zero Day
Microsoft patched a Windows kernel zero day vulnerability uncovered among the data stolen from the controversial Hacking Team.
Samsung to Patch Windows Update Issue Within Days
Samsung said today it will no longer automatically disable Windows updates on PCs and laptops it manufactures and will release a patch “within a few days.”
Time to Patch: Loads of Security Issues in Adobe Reader and Microsoft Windows
Hacker Mateusz Jurczyk from Google’s Project Zero disclosed 15 remote execution vulnerabilities, most of them for Windows and the Adobe Type Manager Font Driver. He presented his findings at the Recon security conference and aptly named his research “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation”.
According to his blog, the most serious and interesting security issue he has discovered so far was a really reliable BLEND instruction exploit. Jurczyk writes that “the extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far.”
He also shared two videos in which he shows how he successfully exploits Adobe Reader 11.0.10 using the BLEND vulnerability (CVE-2015-3052), accompanied by sandbox escapes via ATMFD.DLL in the Windows Kernel as well as a “Registry Object” vulnerability on x64 builds (CVE-2015-0090).
Jurczyk reported all of his discoveries to Microsoft and Adobe, which fixed the bugs in security bulletins MS15-021 (March), APSB15-10 (May) and MS15-044 (May).
The post Time to Patch: Loads of Security Issues in Adobe Reader and Microsoft Windows appeared first on Avira Blog.
Details Available on Patched Adobe, Windows Font Vulnerabilities
Details have been disclosed on a patched Adobe Type Manager Font Driver flaw that could enable takeover of a number of systems supporting modern font engines.
HP Releases Details, Exploit Code for Unpatched IE Flaws
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
Reddit to Move to HTTPS-Only
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the end of the […]
Microsoft Brings HSTS to Windows 7 and 8.1
Microsoft announced it has added HTTP Strict Transport Security (HSTS) to Internet Explorer 11 on Windows 8.1 and Windows 7, in addition to its native inclusion in Microsoft Edge on Windows 10.
Bug Bounties in Crosshairs of Proposed US Wassenaar Rules
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., those initiatives could be adversely impacted.