Severity Rating: Critical - Revision Note: V1.0 (October 12, 2010): Bulletin published. Summary: This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An...
Bulletin Severity Rating: Moderate - This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the...
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights...
Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...
Hi everyone,
We have released Link Removed due to 404 Error, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this...
We've just updated Link Removed due to 404 Error to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running...
Revision Note: V1.0 (September 14, 2010): Advisory published. Summary: Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack...
Severity Rating: Critical - Revision Note: V1.0 (August 10, 2010): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media...
Bulletin Severity Rating: Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker...
Bulletin Severity Rating: Critical - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user...
Bulletin Severity Rating: Critical - This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could...
Microsoft patching up Windows shortcut vulnerability today
Later today, at 10 AM PDT (5 PM UTC), Microsoft is set to release an out of band update that will address the Windows Shell bug that enables malicious code to be executed when a user clicks the displayed icon of a specially crafted...
Ubuntu closes root hole
A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu...
A major Link Removed in Windows XP is now being actively exploited. Windows XP users should use this Microsoft Fix It tool to close this vulnerability.
Sorry this is from back on March 19, 2010, but I stumbled across it and thought it was worth posting.
Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by...
Microsoft has noted that a graphics bug could allow hackers to take limited control of 64-bit Windows 7 machines. It says disabling Aero can block the problem, but that it’s unlikely to be exploited.
The vulnerability is in the 64-bit editions of Windows 7 and Windows Server 2008 R2 plus...
Security researchers from antivirus vendor ESET have uncovered a simple tool automating the creation of botnets that can be controlled from Twitter. The botnet clients can be commanded to launch Distributed Denial of Service (DDoS) attacks or install additional malware on the compromised...
iPhone Hacked Fast at Pwn2Own 2010
An iPhone got hacked in just 20 seconds at this week’s Pwn2Own hacking contest at CanSecWest 2010, along with Internet Explorer 8, and Apple’s Safari browser. DV Labs sponsors the annual hacking contest where if you successfully exploit a target you get to...
Some of you might have seen today's story by Gregg Keizer of our sister publication Computerworld headlined "Link Removed due to 404 Error" and may have asked the same question I asked.
Two minutes?
Dutch hacker Peter Vreugdenhil broke into the current edition of the Web browser...
For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users.
The malware, which infects Windows computers, masks itself as an...