vulnerability

Microsoft has issued eleven security bulletins as part of its final Patch Tuesday of 2013. One of those bulletins addresses a zero-day flaw found in Windows XP, while another fixes a remote code execution vulnerability in the firm's web browser, ... Internet Explorer. In total, Microsoft's December Patch Tuesday includes five patches rated "critical", Microsoft's most alarming security classification. Windows XP TIFF Vulnerability Finally Addressed The first critical fix, MS13-096, addresses a TIFF image file vulnerability exploited via Word, Microsoft's word processing application. The good news ... (view more)

Microsoft has issued an emergency software fix for a critical flaw in its Internet Explorer web browser. According to reports, hackers have already exploited the vulnerability. Microsoft released the "Fix It" software in an attempt to prevent what ... it calls "targeted attacks" on a vulnerability in its Internet Explorer browser. Microsoft is calling this a "zero day" vulnerability, meaning software developers were unaware of the issue before it was exploited by hackers. Hackers Launch Remote Code Execution Attacks Reports indicate that hackers have used the flaw to carry out remote code ... (view more)

Outsourcing has become a popular way for big companies to save money. One example: offering 'bug bounties' that encourage independent researchers to help prevent security nightmares. According to a new study completed by University of California ... Berkeley researchers, it's far cheaper for technology firms to use these freelance security experts than expand an existing in-house security team. The study examined the bug bounty programs (otherwise known as vulnerability reward programs, or VRPs) used by two of the Internet's biggest firms: Google and Mozilla, makers of the Chrome ... (view more)

Internet users are now being warned about a new zero-day security vulnerability in Java software that could allow a hacker to gain unauthorized access to their computers. The vulnerability is related to a recently-discovered flaw in the popular Java ... software system, which is used all over the web to create a great many applications and associated plug-ins. Security experts say even fully-updated installations of Java are vulnerable to this new round of attacks. Only by completely disabling the Java browser plug-in can Internet users be sure their computers are safe from hackers attempting to ... (view more)

A newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser could allow hackers to take control of a Windows-based computer. The Redmond, Washington-based firm has acknowledged that the problem exists and that it affects older ... versions of IE. The firm has also released a temporary fix for the problem. Microsoft Advises: Avoid Suspicious Links "Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012. Microsoft says the remote code ... (view more)

Microsoft says it has fixed only one 'critical' security flaw this Patch Tuesday. However, it appears to be a highly significant vulnerability. For those not familiar with the terminology, 'critical' vulnerabilities are those rated to be most in ... need of addressing. Flaw Could Allow Remote Code Execution The 'critical' security flaw is a remote code execution vulnerability in Microsoft's Remote Desktop Protocol (RDP). Every version of Windows is reportedly left vulnerable by the problem. So long as the vulnerability remains unpatched, Microsoft says, a hacker who is able to convince a computer ... (view more)

Microsoft has confirmed that a zero-day vulnerability exists in Windows XP, Vista, as well as Server 2003 and Server 2008. The bug, which first emerged in mid-December 2010, has evolved since the exploit was posted publicly. The bug was first ... discussed on December 15 at a security conference in South Korea. Since no one had yet exploited the vulnerability, there was not significant cause for concern. That's changed now that researcher Joshua Drake has released an exploit module via open-source penetration testing project, Metasploit. Exploit Opens Door to Total System Takeover Metasploit has ... (view more)

A new Internet Explorer (IE) security vulnerability has been found. The flaw, which is related to Internet Explorer's HTML engine, allows hackers to infiltrate systems running Windows XP, Vista and Windows 7. The issue was first discovered early in ... December by French security company Vupen . The company says this flaw could be exploited with the processing of a CSS (or Cascading Style Sheets) file intended for use by web designers. Rigged Website Key to Attack Those running Internet Explorer could find themselves under attack if they're (knowingly or unknowingly) directed to a specially- ... (view more)