Source: Neowin.net - Exclusive: New Facebook exploit hits the web
Update: If your account has been hijacked, take the following steps:
1) Visit the Facebook "Upload via Email" page
2) Click "Send me my upload email"
3) Click the "refresh your upload email" link. This will reset your...
account hijack
automation
browser
cybersecurity
data privacy
exploit
facebook
internet
javascript
manual process
personal data
photos
risk
security
social engineering
status updates
update
user awareness
vulnerabilities
web services
Hi everyone,
Today we released Link Removed due to 404 Error to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers...
advisory
anti-malware
anti-virus
browser
customer safety
cybersecurity
dep
exploit
internet explorer
malicious code
mitigation
protection
research
security
smartscreen
software
threat
update
vulnerability
windows
Severity Rating: Moderate - Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with...
Severity Rating: Critical - Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An...
Bulletin Severity Rating:Moderate - This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the...
access control
administrative rights
attacker
code execution
exploit
foundation
mfc library
microsoft
moderate severity
permissions
public disclosure
remote code execution
security risk
security update
software security
system control
update
user accounts
user rights
vulnerability
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights...
Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...
Hi everyone,
We have released Link Removed due to 404 Error, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this...
We've just updated Link Removed due to 404 Error to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running...
Revision Note: V1.0 (September 14, 2010): Advisory published.Summary: Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack...
Severity Rating: Critical - Revision Note: V1.0 (August 10, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media...
account security
audio
august 2010
bulletin
codecs
critical
execution
exploit
media file
microsoft
mpeg
patch
remote
risk assessment
security
streaming
update
user rights
vulnerability
web content
Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker...
Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user...
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could...
Microsoft patching up Windows shortcut vulnerability today
Later today, at 10 AM PDT (5 PM UTC), Microsoft is set to release an out of band update that will address the Windows Shell bug that enables malicious code to be executed when a user clicks the displayed icon of a specially crafted...
bug fix
code execution
exploit
malicious
microsoft
out of band
patch
patching
security
server 2003
server 2008
shell
shortcut
testing
update
vulnerability
windows
windows 7
windows vista
windows xp
Ubuntu closes root hole
A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu...
A major Link Removed in Windows XP is now being actively exploited. Windows XP users should use this Microsoft Fix It tool to close this vulnerability.
Sorry this is from back on March 19, 2010, but I stumbled across it and thought it was worth posting.
Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by...
cdd.dll
desktop experience
exploit
gdi
graphics driver
image vulnerability
malicious files
memory randomization
microsoft
patch
remote code execution
security
system crash
third-party applications
update
user protection
vulnerability
windows 7
windows aero
windows server
March 1, 2010
Caution! (Unpatched Bug in VB Script confirmed by Microsoft)
Windows 2000, Windows XP, and Windows Server 2003 are impacted.The bug has to be with those operating systems and any supported version of Internet Explorer-including IE-6.
This is a logic flaw that could be used by...
bug
code injection
exploit
help files
hijack
internet explorer
malware
medium risk
microsoft
security
threat assessment
vb script
windows 2000
windows server
windows xp