Content Tagged ‘Software Patches’

Researcher Releases More Details on JIT-Spraying

February 5, 2010 - Dion Blazakis provided me with a formal paper on the techniques he revealed yesterday to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) in Windows. Read more

New “JIT Spray” Penetrates Best Windows Defenses

February 4, 2010 - New attack techniques have proven capable of penetrating the state of the art in Windows systemic defenses, specifically DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). A demonstration was made Read more

Microsoft to Issue Baker’s Dozen Security Updates Next Tuesday

February 4, 2010 - Microsoft has released their advance notification for the February, 2010 Patch Tuesday, and it's a doozy. An unlucky 13 updates to Windows and Office will be released addressing 26 vulnerabilities. 11 of Read more

Vulnerability in IE Can Disclose Local Files

February 3, 2010 - Microsoft has disclosed a vulnerability in Internet Explorer that can allow an attacker to cause local files on the system to be displayed as HTML. Technically, all versions of IE are affected, Read more

iPhone OS Update Fixes 5 Vulnerabilities

February 2, 2010 - 5 critical flaws in the OS software for the iPhone and iPod Touch have been fixed in the just-released iPhone OS 3.1.3 for those devices. CoreAudio (CVE-2010-0036)—Due to a buffer overflow, playing Read more

What Are the Advanced Security Settings in the Tools-Internet Options Dialog?

January 27, 2010 - The Tools-Internet Options dialog box in Internet Explorer has a wealth of important settings in it, some of which affect the system outside of Internet Explorer. This dialog box is also available as Read more

More IE Flaws On Track for BlackHat

January 27, 2010 - A report in Computerworld describes how an unpatched vulnerability in Internet Explorer could allow an attacker to read arbitrary files on the user's computer. Jorge Luis Alvarez Medina, a security consultant with Read more

What’s Your DEP and ASLR Status?

January 25, 2010 - Inspired by Jack Schofield (by way of Ed Bott on Twitter), I opened up Process Explorer on my own system to examine the DEP status of programs running on my Read more

Microsoft Update For IE Fixes Aurora Bug and Others

January 21, 2010 - A cumulative update for Internet Explorer from Microsoft fixes the infamous vulnerability in the browser used recently to attack Google and other major companies. 7 other IE vulnerabilities were also fixed, Read more

Emergency IE, Windows Patches Coming Tomorrow, Thursday 1/21

January 20, 2010 - Microsoft has announced that tomorrow, Thursday January 21, they will release an out-of-band update to Windows and Internet Explorer to fix the vulnerability that was exploited in the infamous Aurora attacks. Read more

Critical Shockwave Bug Requires Uninstall, New Install

January 20, 2010 - Adobe has disclosed critical vulnerabilities in Shockwave Player versions 11.5.2.602 and earlier, creating the possibility of remote compromise of the system. Windows and Mac versions are affected. Numerous overflow vulnerabilities are referenced, Read more

Rumor Mill Report: Emergency IE Patch

January 18, 2010 - In their weekly podcast, Ryan Naraine and Dennis Fisher of Kaspersky's Threatpost speculate that the political pressure surrounding the IE 0-day is such that Microsoft will issue an emergency patch. This makes Read more

Aurora Exploit Ported to IE7 on XP, Vista

January 18, 2010 - Researcher Dino Dai Zovi says he has moved the Aurora exploit to the next level. On Twitter, he stated: "And now my Aurora exploit works on IE7 on Vista as well Read more

Microsoft Support Policies Guarantee Insecure Products

January 17, 2010 - I've written it many times before: Nobody is more generous with Read more

IE 0-Day Exploit Code Out; Who’s Vulnerable?

January 16, 2010 - Famed researcher HD Moore created a usable proof-of-concept exploit last night for the 0-day vulnerability in Internet Explorer used in the attack incident that everyone is now calling Aurora. It's a Read more

New IE 0-Day, Not Acrobat, Named Vector in the Google Attacks

January 14, 2010 - New evidence points to a previously unknown vulnerability in Internet Explorer as the hole through which criminals recently attacked Google and other companies, rather than a known, but unpatched vulnerability in Adobe Read more

PDF Babushka

January 14, 2010 - That's what they're calling it at ISC: PDF Babushka, because it's a PDF nested inside another PDF. Click here if you need the joke explained. I won't repeat the gritty analysis Read more

Adobe Releases More Details on Acrobat Update

January 12, 2010 - Adobe has released a security advisory and other details on today's updates to Adobe Reader and Acrobat. The advisory lists 8 vulnerabilities fixed in the new versions 8.2 and 9.3, including Read more

Adobe Releases Major Security Changes in Acrobat and Reader 8.2, 9.3 [Updated]

January 12, 2010 - Adobe has released versions 8.2 and 9.3 of Acrobat and Reader, making significant new security changes in all variations. Windows, Mac and UNIX versions are all available. We haven't yet seen any blog Read more

Microsoft Warns of Old Version of Flash in XP

January 12, 2010 - Today Microsoft issued Security Advisory (979267) Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution. No real news here, but in case you didn't know, Windows Read more

Copyright © 2010 The Security Blog. All rights reserved.