exploit

Adobe investigating zero-day bug in Flash

Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is largely operating system-independent.

Any software that uses Flash could be vulnerable to the attack, according to Symantec. Adobe Reader is vulnerable because its Flash interpreter is vulnerable, said Paul Royal, principal researcher at Purewire, a Web security services provider.

In a post on its Web site, Adobe said it "…

Microsoft fills Excel, Windows, Word holes

Updated 12:30 p.m. PDT with ZoneAlarm discount offer and 11:50 a.m. PDT with comment from security vendors.

Microsoft on Tuesday closed security holes in Excel, Windows, and Word that had been exploited in the wild as well as other holes for which exploit code or details exist, all as part of its monthly patch update cycle.

The critical Excel hole could allow an attacker to take complete control of an unpatched system if a user opens a specially crafted Excel file. Security firm Symantec said in February that it had discovered malicious files in the wild …

Adobe issues fix for zero-day Reader vulnerability

Adobe Systems on Tuesday issued a security update to fix a critical vulnerability in Adobe Reader 9 and Acrobat 9 that could allow an attacker to take complete control of a computer and for which exploits had been reportedly found in the wild for nearly two months.

Adobe alerted users about the vulnerability more than two weeks ago and promised to have a security update for it by March 11.

Basically, attackers can take advantage of a hole on unpatched systems to overwrite memory with a buffer overflow and install a backdoor through which to control the system remotely.

In its advisory, …

Adobe patches Flash hole

Adobe released a patch for a Flash player hole this week that could allow an attacker to remotely take control of a computer.

The vulnerability is critical for Adobe Flash Player 10.0.12.36 and earlier versions, the company said in an advisory.

To exploit the vulnerability, a targeted user must load a malicious Shockwave Flash file, which can be done by social engineering the user or injecting malicious content into a compromised, trusted Web site, according to an advisory from security firm iDefense.

Internet Explorer and Firefox plug-ins can be used to temporarily block and unblock …

Buzz Out Loud 874: Ruining the economy since 2005

On a very special Buzz Out Loud, we discover that we, much to our surprise and chagrin, are the cause for the ongoing economic crisis in this country. Who knew? Also, of course, we dissect at length the news that Apple is pulling out of future Macworld Expo conferences after this year, and the even bigger news that Steve Jobs won't be giving this last keynote. Heartbreak ensues.


Without Macworld, how will Apple create the buzz? http://news.cnet.com/8301-13579_3-10124956-37.html http://www.apple.com/pr/library/2008/12/16macworld.html

Critical IE 7 exploit making the rounds

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' systems with a Trojan horse, or "downloaders" that can download other …

Buzz Out Loud 873: Drunk sexy lunch

Listen all the way to the end of the show in order to understand what this title is all about. Wow, it's been quite the week here at BOL. But in actual news, the latest IE zero-day exploit just keeps getting worse (use another browser, people), the iPhone 3G has been unlocked, and Twitter is making millions...for other companies.

Major security alert for Microsoft Internet Explorer http://www.obsessable.com/news/2008/12/16/major-security-alert-for-microsoft-internet-explorer/ http://www.washingtonpost.com/wp-dyn/content/article/2008/12/16/AR2008121601022.html http://it.slashdot.org/article.pl?sid=08/12/16/1319217

Microsoft looking into WordPad zero-day flaw

Microsoft is investigating reports of a flaw in the WordPad Text Converter for Word 97 files, the company said on Tuesday. A Microsoft blog stated "we are aware of very limited and targeted attacks seeking to exploit this vulnerability."

On Wednesday security researchers reported finding a zero-day flaw affecting Microsoft Internet Explorer 7.

According to Microsoft Security Advisory 960906, the flaw only affects users of Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. This issue does not affect Windows XP Service Pack 3, …

Microsoft fixes 28 flaws; 6 are critical

Microsoft on Tuesday released its December 2008 security bulletin. The "critical" bulletins affect Windows GDI, Word, Excel, Internet Explorer and Windows Search. The "important" updates affect SharePoint and Windows Media Components.

Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-070: Critical

Exploitability index: 1-2. Microsoft recommends that customers apply the update immediately. Titled "Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX …

Buzz Out Loud 859: Don't get your flops in a watt

Rafe and Molly square off over the reuse of air conditioning technology, the fail whale sinks a deal between Facebook and Twitter, Gmail is cracked, and an enterprising astronaut creates the ultimate in must-have space tech: a zero-G coffee cup.


Twitter rebuffs a Facebook poke? http://news.cnet.com/8301-17939_109-10106391-2.html

Gmail exploit may allow attackers to forward e-mail http://news.cnet.com/8301-1009_3-10106275-83.html http://www.makeuseof.com/tag/breaking-gmail-security-flaw-more-domains-get-stollen/

EU strikes down French “3 strikes” copyright infringement law http://tech.slashdot.org/article.pl?sid=08/11/23/1952248

Has …