January 12, 2010 - A vulnerability in the Windows Embedded OpenType Font Engine could lead to remote code execution as explained in MS10-001: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution, (continue reading...)
January 9, 2010 - When Adobe issued the advisory for the most recent serious vulnerability in Acrobat and Reader they used it for the first application of their JavaScript Blacklist Framework. This framework allows users (continue reading...)
January 9, 2010 - Back in June of last year SecurityReason issued an advisory on an overflow bug in the libc gdtoa printf(3) function. They described the severity as "high" and listed many products, mostly (continue reading...)
January 5, 2010 - In an interview with Kaspersky's ThreatPost (podcast and transcript), Adobe security chief Brad Arkin revealed that Adobe is working on a new version of their updater software that will automatically download (continue reading...)
January 4, 2010 - Symantec has revealed a bug in SEPM (Symantec Endpoint Protection Manager) that prevents new updates to AV/AS/IPS definitions. All such updates dated after December 31, 2009, 11:59 P.M. (continue reading...)
January 4, 2010 - The Internet Storm Center at the SANS Institute has a highly-technical, but well-written and fascinating description of a new malicious PDF making the rounds. This exploit utilizes an unpatched vulnerability (continue reading...)
December 27, 2009 - A vulnerability in certain older versions of Microsoft's IIS (Internet Information Server) web server could allow an attacker to upload malicious files, bypassing some security checks. The vulnerability was discovered by Soroush Dalili (continue reading...)
December 21, 2009 - Joanna Rutkowska of Invisible Things Lab has disclosed a new vulnerability in certain Intel processors. The SINIT feature of SMM (System Management Mode) can interfere with TXT (Trusted eXecution Technology), allowing (continue reading...)
December 18, 2009 - Cisco has disclosed that multiple vulnerabilities in their WebEx Recording Format (WRF) Player could allow a remote attacker to take control of a user's computer. The vulnerability was disclosed to Cisco by (continue reading...)
December 16, 2009 - Mozilla has released Firefox 3.5.6, 3.0.16, and SeaMonkey 2.0.1 to address 7 newly-disclosed vulnerabilities, 3 of (continue reading...)
December 15, 2009 - Adobe has issued an advisory for the 0-day vulnerability disclosed the other day. The vulnerability is critical, potentially allowing remote code execution, and affects all versions of Acrobat and Reader on all (continue reading...)
December 15, 2009 - It used to be that end-of-year security predictions were bold and almost science-fictiony. They have become more conservative this year and therefore more reasonable. I've been barraged with them and have attempted to collect the best here. It's clear to me (continue reading...)
December 15, 2009 - More news is emerging about the zero-day attack on Adobe Acrobat and Reader revealed by the company last night. The main news comes from the Shadowserver Foundation which claims to have examined the attack. They confirm that the attack (continue reading...)
December 14, 2009 - From Adobe themselves comes the vague news that an unpatched vulnerability in Acrobat and Reader is being exploited in the wild. That's the extent of what they (continue reading...)
December 11, 2009 - In the Twitter gab as last Patch Tuesday was unfolding, researcher Alex Sotirov complained that vendors weren't paying for those who found the bugs in their products, and that this was unjust. Most of the bug-finding for major products (continue reading...)
December 8, 2009 - Hidden behind the Patch Tuesday updates, Microsoft released two separate security advisories and one set of updates that were not mentioned in the advance notification. The first one, "Microsoft Security Advisory (continue reading...)
December 8, 2009 - Microsoft has issued 6 updates, 3 of which are rated critical, to address a total of 11 (or 12, depending on how you count them) vulnerabilities in components of Windows and (continue reading...)
December 7, 2009 - Right on the schedule they set, Adobe has issued a security advisory on the recently-reported vulnerability in Illustrator. The only real news beyond what was previously reported is that the vulnerability (continue reading...)
December 7, 2009 - We've written about it before and now Microsoft's reminding us: This coming July Microsoft will end support for Windows 2000 Server, Windows 2000 Client and Windows XP SP2. Gold code for (continue reading...)
December 5, 2009 - Adobe has acknowledged once again a vulnerability disclosed in Illustrator. Their initial acknowledgement of it was a quickie and they hadn't had much time to study the attack. Now they state (continue reading...)