Proofpoint discovered that a recent spate of phishing messages contained macros-based attacks that did not execute until the malicious document was closed.
Tag Archives: Microsoft
All Major Browsers Fall at Pwn2Own Day 2
Two researchers took down the four major browsers, Internet Explorer, Firefox, Chrome, and Safari yesterday as Pwn2Own wrapped up in Vancouver.
Flash, Reader, Firefox and IE Fall on Pwn2Own Day 1
Four different research teams cracked four different products on Wednesday–Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer—and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015.
Microsoft patches FREAK for Windows, IE, Office
The FREAK flaw itself resides in the SSL protocol, so Microsoft has fixed with this patch (MS15-031) its own implementation of the protocol, which is used in all its proprietary software (workstation, server, IE Office).
The release contains fixes for 14 new bulletins in total, five of which are rated as Critical, nine as Important.
The bulletins address vulnerabilities residing in both the consumer and server editions of Microsoft Windows, Internet Explorer, Office, SharePoint Server, and Exchange Server. Most of them may disclose information, bypass security features or would allow an attacker to elevate privileges.
What should you do?
Once your Windows computer signals the availability of the updates don’t wait too long to apply it and reboot your system.
The post Microsoft patches FREAK for Windows, IE, Office appeared first on Avira Blog.
Older Keen Team Use-After-Free IE Exploit Added to Angler Exploit Kit
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsoft’s Internet Explorer browser.
Don’t Build a Bounty Program; Build an Incentive Program
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Google Adds Grace Period to Disclosure Policy
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.
Threatpost News Wrap, February 13, 2015
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla’s extension signing plan, plus questions from readers!
Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft.
Microsoft Group Policy Vulnerability Affects All Windows Computers
Details were released on two Microsoft Group Policy vulnerabilities affecting all Windows machines going back to Windows Server 2003. The flaws were addressed in separate Patch Tuesday security bulletins.