flaw

Thu
23
Dec
Dennis Faas's picture

New Internet Explorer Vulnerability Found

A new Internet Explorer (IE) security vulnerability has been found. The flaw, which is related to Internet Explorer's HTML engine, allows hackers to infiltrate systems running Windows XP, Vista and Windows 7. The issue was first discovered early in ... December by French security company Vupen . The company says this flaw could be exploited with the processing of a CSS (or Cascading Style Sheets) file intended for use by web designers. Rigged Website Key to Attack Those running Internet Explorer could find themselves under attack if they're (knowingly or unknowingly) directed to a specially- ... (view more)

Fri
17
Sep
Dennis Faas's picture

Apple Update Fixes Critical QuickTime Flaw

Apple has patched two critical code execution holes in its QuickTime multimedia player for Windows. At least one of these vulnerabilities has already been exploited by hackers, meaning the fix comes not a moment too soon. An Estimated Several ... Hundred Applications at Risk We first reported the QuickTime flaw over two weeks ago, when it was discovered that the exploit made at least forty (and perhaps several hundred) Windows applications vulnerable to attack. One flaw, called CVE-2010-1818, is associated with QuickTime's ActiveX control. It can be exploited if a hacker can trick a victim to ... (view more)

Tue
31
Aug
Dennis Faas's picture

All Windows Users at Risk of Quicktime Flaw

Shortly after announcing a severe iTunes flaw that affects over 40 Windows applications just last week, it now appears Apple's popular media player, QuickTime, also includes a flaw that could be exploited by hackers to execute malicious code on PCs ... using the Windows operating system (OS). Even systems running more recent versions of the OS, Windows Vista and Windows 7, are vulnerable. "At present the security vulnerability seems to be with users that run Internet Explorer. Given the relative ease with which [the exploit was demonstrated], the chance for drive-by [download] attacks to ... (view more)

Thu
29
Jul
Dennis Faas's picture

Free Toolset Fixes Windows Shortcut Flaw

Two third-party software companies have come together to release temporary fix for a highly contagious and critical zero-day flaw which affects all versions of the Windows operating system (OS). The security flaw, which Microsoft says it knows about ... and is working on a permanent patch towards, makes users of Windows 2000 through Windows 7 vulnerable to attack if they open a desktop folder packing an infected .LNK file extension. Microsoft Temp Fix Not Popular Microsoft last week released its own temporary solution in the form of a workaround, but few users were very fond of a solution that ... (view more)

Fri
23
Jul
Dennis Faas's picture

Experts Fear Windows Shortcut Flaw to be Widespread

A serious security flaw affecting Windows shortcuts could pose a significant risk to critical global infrastructure, says a new report from security research firm Sophos. Power grids and manufacturing plants could soon be targeted by a flaw that ... researchers say has already been exploited by hackers. "Early versions of the malware have been programmed to seek out SCADA software (Supervisory Control And Data Acquisition) by Siemens Corporation, which is used in managing industrial infrastructures, such as power grids and manufacturing plants," said Sophos. Security Firms Fear Growing Threat ... (view more)

Wed
21
Jul
Dennis Faas's picture

New 'Windows Shortcut Flaw' High Risk, Affects All Users

A new Windows zero-day flaw has gone public. Known as the "Windows Shortcut flaw", the exploit affects all versions of Microsoft Windows. What's important to note is that merely opening or viewing an infected USB stick can infect a computer -- even ... on systems where Windows Autoplay is disabled. The flaw affects files which have the file extension .LNK, otherwise known as a "Windows Shortcut" file. Shortcut files are essentially copies of program icons and tell Windows where the original program is located. For example, normally one would have to click Start -> Programs ... (view more)

Tue
13
Jul
Dennis Faas's picture

Patch Tuesday to Address XP Help Bug, Plus Vital Win7 Fixes

Microsoft will next week unveil a series of security bulletins meant to address five security flaws. The fixes are part of the company's monthly Patch Tuesday release, and will most importantly fix a critical Windows XP Help Bug flaw in Windows' ... Help and Support Center. The series of fixes include four patches for the five vulnerabilities, three of which have been dubbed "critical" by Microsoft -- the company's highest level of alert. Each of these critical issues involve holes that, if exploited, could allow a hacker to launch a remote code execution attack upon an unsuspecting user's PC. ... (view more)

Wed
19
May
Dennis Faas's picture

Microsoft Warns of 'Unlikely' Windows 7 Aero Flaw

A new security flaw in Microsoft's very popular Windows 7 operating system (OS) could open users up to a remote code execution and denial-of-service attack, Microsoft said in a security advisory on Tuesday evening. The vulnerability affects only ... 64-bit versions of Windows Server 2008 R2 and Windows 7. The flaw affects the Canonical Display Driver, or CDD.DLL, used in the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability is tied to the graphics system's desktop composition process. (Source: zdnet.com ) Microsoft: Remote Code Attack "Unlikely" Luckily, it ... (view more)

Fri
14
May
Dennis Faas's picture

Researcher Reveals Critical Flaw in Safari Web Browser

A zero-day flaw has recently been discovered in the latest version of Apple's Safari browser. The flaw is considered to be "highly critical," the second-highest rating in the five-step threat-assessment system. It also has the potential to infect ... Windows PCs with malicious code. In actuality, the bug is the result of an error in the handling of the browser's parent windows. It can result in a "function call using an invalid pointer". Different Flaw, Same Tactics Malware peddlers might also attempt to exploit the vulnerability by creating a malicious site and coaxing users into coming to the ... (view more)

Wed
10
Mar
Dennis Faas's picture

Light Patch Tuesday Release Brings Heavy Warning from Microsoft

Microsoft yesterday unveiled its March Patch Tuesday offering, and by comparison to recent months it was a relatively calm affair. Only two security bulletins addressing eight vulnerabilities were announced, but they were joined by a warning related ... to a new zero-day Internet Explorer flaw which does not yet have a fix. Both of the bulletins Microsoft released in accordance with its March Patch Tuesday have been designated "important". That's a big step down from this past February's Patch Tuesday , where about one-fifth of the 26 vulnerabilities were considered "critical," Microsoft's ... (view more)

Pages

Subscribe to RSS - flaw