As fresh as the New Year is the new round of Patch Tuesday releases for the year. For January, Microsoft released the following two (2) security bulletins: Critical Bulletin MS08-001 Vulnerability in Windows TCP/IP Could Allow Remote Code Execution (941644) Important Bulletin MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) Windows users are advised to keep their systems up-to-date by applying the necessary patches supplied by Microsoft. You may refer here for the Windows Update Center.

Microsoft seems to have started its 2008 on the wrong foot and drawing criticism just a day after the New Year. The Register is reporting Microsoft’s Office 2003 Service Pack 3 to be blocking old file formats that were defined to be less secure. This includes legitimate file formats accessible to Microsoft’s own applications, such as MS Office Excel 2003, MS Office PowerPoint 2003, and MS Word 2003. This update also blocks file formats supported by Corel Draw, a graphics ...

It’s the season of giving and unfortunately, malware authors are feeling generous. A Trojan detected by Trend Micro as TROJ_PPDROP.K is being spammed through email as a PowerPoint slideshow with the filename Merry Christmas.pps-1. When the user opens the file, it exploits an older, known vulnerability in unpatched Microsoft Excel versions -- which then extracts and executes another file, Merry Christmas.exe-1 -- detected as BKDR_AGENT.ADGS. This backdoor then injects into Outlook Express, gathering email account credentials and webmail logins, which it ...

Microsoft released two heavy-hitting patches this Tuesday: Critical Bulletins: MS07-061 Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) Important Bulletins: MS07-062 Vulnerability in DNS Could Allow Spoofing (941672) The first one ends the long wait for the patch that will address the URI vulnerability that allows cross-browser scripting in a POC last July. The second one addresses a vulnerability in DNS that could allow malicious users to spoof a page. Users are enjoined to download the above patches to protect themselves from relevant attacks. Click here ...