The last Patch Tuesday of the year features 11 bulletins, with five rated as Critical and the remaining as Important. This month's release addresses a notable zero-day vulnerability that was used in attacks. The particular bulletin—MS13-096—was noticeably absent in last month's Patch Tuesday. As previously reported, attackers took advantage of the vulnerability by embedding .DOC files with malicious .TIFF files to gain account privileges.
Unfortunately, another zero-day vulnerability remains unpatched. Microsoft earlier that a security fix for the escalation of privilege vulnerability ...
Trend Micro has acquired samples of an exploit targeting the recent zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation of privilege vulnerability, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges.
We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in ...
Recently, independent security researchers found that the Angler Exploit Kit had added Silverlight to their list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074, a second vulnerability, CVE-2013-3896, in order to bypass ASLR. These vulnerabilities are discussed in two separate Microsoft security bulletins, namely MS13-022 and MS13-087, respectively.
This particular exploit checks what version of Silverlight is installed on a user's system and only runs on the following versions:
Up-to-date versions of Silverlight are not ...
Five years ago, Conficker/DOWNAD was first seen and quickly became notorious due to how quickly it spread and how much damage it caused.
Remarkably, after all that time, it's still alive. It can still pose a serious problem, as it can propagate to other systems on the same network as an infected machine - a factor that may explain its high rate of infection to this day.
Based on feedback from the Smart Protection Network, DOWNAD has been a leading threat for years. It ...
It's Patch Tuesday again, and Microsoft has served up eight bulletins this month, three of them rated Critical. One of the three critical bulletins - MS13-090 - deserves special mention, as it fixes a zero-day vulnerability (CVE-2013-3918) found just last week in an Internet Explorer ActiveX control. Separately, IE itself fixed ten vulnerabilities as part of MS13-088.
It's worth noting that another recent TIFF-related zero-day that we discussed has not been patched as part of this month's update, so the recommendations and work-arounds ...