Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs. Redmond issued patches to fix the vulnerability in itsVideo ActiveX Control for Internet Explorer, as well as the DirectShow flaw in Windows. Criminals currently are using both security holes to plant rogue software on PCs when users visit certain hacked or malicious Web sites. Contrary to what Microsoft itself said, the company did not release an official patch to plug the other ActiveX flaw hackers are actively exploiting -- which I first wrote about yesterday. Instead, it has released an interim workaround to blunt the threat from that weakness. Unfortunately, someone at Redmond seems to be a little confused about this point. In its advisory,
Microsoft Patches Nine Security Flaws
Vuln: Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
Read more »Vuln: Microsoft Windows Explorer Web View Script Injection Vulnerability
Microsoft Windows Explorer Web View Script Injection Vulnerability
Read more »Microsoft admits it knew of critical IE bug in early '08
Microsoft on Thursday confirmed it has known about a bug behind widespread Internet Explorer attacks for more than a year, but defended its security process against critics who say it should have acted faster.
Read more »McAfee Reveals Cybercrime Response Unit
McAfee has released a free, new service to help people determine if they have been the victim of cybercrime and what to do about it.
McAfee Reveals Cybercrime Response Unit
The Cybercrime Response Unit is part of a multipoint initiative launched in October of lat year to promote education about and awareness of cybercrime and help bridge communication between victims, law enforcement, and financial institutions.
The CRU will scan a person's computer to determine the likelihood the machine is infected. Users are warned even if it appears their computing habits appear to put the user at risk. Part of this is achieved via a series of questions about the users' computer habits.
McAfee's site does offer an actual scanner, as well, called the Cybercrime Scanner, which searches for unwanted processes, unauthorized connections, modifications, and visits to know malicious websites. The Scanner only works on Internet Explorer so far.
If the CRU determines there is a computer to be at risk of hacking or malicious software, users can go through the site to alert creditors and law enforcement.
Read more »Microsoft Fixes 23 Software Security Flaws
Microsoft on Tuesday issued eight security updates to plug at least 23 security holes in its Windows operating systems and other software. The patches are available through Windows Update or via Automatic Updates. One patch fixes six flaws in Internet Explorer 6 & 7 (the flaws are not present in IE8), including the carpetbombing issue. Microsoft addressed that vulnerability with this IE update, as well as with a stand-alone fix for Windows XP and newer Windows versions. Microsoft has rated this update critical, meaning attackers could exploit these IE flaws merely by convincing a user to visit a hacked or booby-trapped Web site. Redmond also issued updates to fix at least two zero-day threats, vulnerabilities that hackers have been exploiting in targeted attacks to break into Windows systems. These updates include a fix for an Microsoft Excel vulnerability, and an update for a hole in most supported versions of Wordpad/Microsoft
Microsoft patches 'insane' number of bugs
Microsoft Corp. Tuesday issued eight security updates that patch 23 vulnerabilities in Windows, Internet Explorer (IE), Excel and other parts of its software portfolio, a collection of fixes one researcher called "insane."
Read more »April Shower of Critical Microsoft Fixes
Microsoft Tuesday released patches for a variety of critical holes in Excel, Internet Explorer, WordPad and other Windows operating system and application components. Some of the flaws are already under active attack.
Read more »Vuln: Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
Read more »Vuln: Microsoft Internet Explorer Uninitialized Memory Variant Two Remote Code Execution Vulnerability
Microsoft Internet Explorer Uninitialized Memory Variant Two Remote Code Execution Vulnerability
Read more »