exploit

Source: Neowin.net - Exclusive: New Facebook exploit hits the web Update: If your account has been hijacked, take the following steps: 1) Visit the Facebook "Upload via Email" page 2) Click "Send me my upload email" 3) Click the "refresh your upload email" link. This will reset your...

Hi everyone, Today we released Link Removed due to 404 Error to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers...

Severity Rating: Moderate - Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with...

Severity Rating: Critical - Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An...

Bulletin Severity Rating:Moderate - This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the...

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights...

Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...

Hi everyone, We have released Link Removed due to 404 Error, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this...

We've just updated Link Removed due to 404 Error to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running...

Revision Note: V1.0 (September 14, 2010): Advisory published.Summary: Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack...

Severity Rating: Critical - Revision Note: V1.0 (August 10, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media...

Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker...

Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user...

Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could...

Microsoft patching up Windows shortcut vulnerability today Later today, at 10 AM PDT (5 PM UTC), Microsoft is set to release an out of band update that will address the Windows Shell bug that enables malicious code to be executed when a user clicks the displayed icon of a specially crafted...

Ubuntu closes root hole A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu...

A major Link Removed in Windows XP is now being actively exploited. Windows XP users should use this Microsoft Fix It tool to close this vulnerability.

Sorry this is from back on March 19, 2010, but I stumbled across it and thought it was worth posting. Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by...

March 1, 2010 Caution! (Unpatched Bug in VB Script confirmed by Microsoft) Windows 2000, Windows XP, and Windows Server 2003 are impacted.The bug has to be with those operating systems and any supported version of Internet Explorer-including IE-6. This is a logic flaw that could be used by...