exploit

  1. MS10-076 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Exec

    Severity Rating: Critical - Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An...
  2. MS10-074 - Moderate: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution

    Bulletin Severity Rating:Moderate - This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the...
  3. MS10-081 - Important: Vulnerability in Windows Common Control Library Could Allow Remote Code Execut

    Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows common control library. The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights...
  4. Announcing Coordinated Vulnerability Disclosure

    Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...
  5. Security Advisory 2286198 Released

    Hi everyone, We have released Link Removed due to 404 Error, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this...
  6. Security Advisory 2286198 Updated

    We've just updated Link Removed due to 404 Error to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running...
  7. Microsoft Security Advisory (2401593): Vulnerability in Outlook Web Access Could Allow Elevation of

    Revision Note: V1.0 (September 14, 2010): Advisory published.Summary: Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack...
  8. MS10-052 - Critical: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Executio

    Severity Rating: Critical - Revision Note: V1.0 (August 10, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media...
  9. MS10-047 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)

    Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker...
  10. MS10-049 - Critical: Vulnerabilities in SChannel could allow Remote Code Execution (980436)

    Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user...
  11. MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

    Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could...
  12. Microsoft patching up Windows shortcut vulnerability today

    Microsoft patching up Windows shortcut vulnerability today Later today, at 10 AM PDT (5 PM UTC), Microsoft is set to release an out of band update that will address the Windows Shell bug that enables malicious code to be executed when a user clicks the displayed icon of a specially crafted...
  13. Ubuntu closes root hole

    Ubuntu closes root hole A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu...
  14. Windows XP Windows XP Security Vulnerability

    A major Link Removed in Windows XP is now being actively exploited. Windows XP users should use this Microsoft Fix It tool to close this vulnerability.
  15. C

    Microsoft warns of 64-bit Windows 7 hole

    Sorry this is from back on March 19, 2010, but I stumbled across it and thought it was worth posting. Microsoft is working on a patch to fix a hole in a 64-bit Windows 7 graphics display component that could be exploited to crash the system or potentially take control of the computer by...
  16. Windows 7 MS tells 64bit users to turn off Aero

    Microsoft has noted that a graphics bug could allow hackers to take limited control of 64-bit Windows 7 machines. It says disabling Aero can block the problem, but that it’s unlikely to be exploited. The vulnerability is in the 64-bit editions of Windows 7 and Windows Server 2008 R2 plus...
  17. Windows 7 The do-it-yourself botnet kit

    Security researchers from antivirus vendor ESET have uncovered a simple tool automating the creation of botnets that can be controlled from Twitter. The botnet clients can be commanded to launch Distributed Denial of Service (DDoS) attacks or install additional malware on the compromised...
  18. Windows 7 iPhone got hacked in just 20 seconds

    iPhone Hacked Fast at Pwn2Own 2010 An iPhone got hacked in just 20 seconds at this week’s Pwn2Own hacking contest at CanSecWest 2010, along with Internet Explorer 8, and Apple’s Safari browser. DV Labs sponsors the annual hacking contest where if you successfully exploit a target you get to...
  19. Windows 7 What to make of the hacker who broke IE8 in two minutes

    Link Removed Some of you might have seen today's story by Gregg Keizer of our sister publication Computerworld headlined "Link Removed due to 404 Error" and may have asked the same question I asked. Two minutes? Dutch hacker Peter Vreugdenhil broke into the current edition of the Web browser...
  20. Windows 7 New malware overwrites software updaters

    Link Removed due to 404 Error For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an...