Still using XP? This bug might just make you upgrade!

March 3rd, 2010 | Posted in Do QA Right!, Useful if needed

Microsoft has warned of a new security hole that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.

The vulnerability affects Windows 2000, XP and Server 2003-based systems, Microsoft said in a security advisory dated March 1.

Microsoft said that the vulnerability in VBScript could allow remote code execution. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user,” Microsoft said on its Web site. “On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.” Windows Vista, Windows 7, and Windows Server 2008 are not affected.


Hackers can now see all the Files on your System! IE warning! Use Chrome :)

February 4th, 2010 | Posted in Do QA Right!, What THE |= ?

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.

The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature.

Medina’s presentation demonstrated how an attacker can read every file of an IE user’s filesystem. The attack scenario leveraged different design features of Internet Explorer that can be combined to do serious damage.

Here’s more on Medina’s talk from DarkReading’s Kelly Jackson-Higgins:

[Medina] says …


Windows 7 holes fixed in record Patch

October 15th, 2009 | Posted in Crazy IT

Microsoft released a record number of 13 bulletins for 34 vulnerabilities on Patch Tuesday–and the first critical update for Windows 7–as well as fixes for zero-day flaws involving Server Message Block (SMB) and Internet Information Services (IIS).

The most severe of the three SMB flaws, which were first reported last month, could allow an attacker to take control of a computer remotely by sending a specially crafted SMB packet to a computer running the Server service. Exploit code for one of the SMB holes has been posted to the Web, Microsoft said.

Windows 7 is affected by two critical patches intended to mend vulnerabilities that could allow remote code execution if a malicious Web page were viewed, one part of a cumulative security update for Internet Explorer and the other in .NET Framework and Silverlight.

The official release date for Windows 7 is October 22, but the new operating system has been available to some large businesses with volume licenses since the summer. The code was finalized in July.

Other critical patches in the security bulletin for October fix a vulnerability in …
