HackDig : Dig high-quality web security articles for hacker

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

byJohn E DunnWeeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as ‘critical’ and 87 ‘important’.Th
Publish At:2020-02-15 12:44 | Read:449 | Comments:0 | Tags:Adobe Internet Explorer Microsoft Operating Systems Vulnerab

From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer

By Elliot Cao (Vulnerability Researcher)  Last June, I disclosed a use-after-free (UAF) vulnerability in Internet Explorer (IE) to Microsoft. It was rated as critical, designated as CVE-2019-1208, and then addressed in Microsoft’s September Patch Tuesday. I discovered this flaw through BinDiff (a binary code analysis tool) and wrote a proof of concept (PoC)
Publish At:2019-09-19 14:50 | Read:1462 | Comments:0 | Tags:Vulnerabilities BinDiff CVE-2019-1208 Internet Explorer VBSc

Microsoft, Adobe Ship Critical Fixes

Microsoft today released security updates to fix almost a hundred security flaws in its various Windows operating systems and related software. One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. Separately, Adobe has pushed critical updates for its Flash and Shoc
Publish At:2017-06-13 16:05 | Read:3583 | Comments:0 | Tags:Other Adobe Flash Player update June 2017 CVE-2017-8543 Edge

CVE-2016-3298: Microsoft Puts the Lid on Another IE Zero-day Used in AdGholas Campaign

Microsoft’s Patch Tuesday for October fixed another previous zero-day vulnerability in Internet Explorer (IE) via MS16-118 and MS16-126: CVE-2016-3298. Before the lid was put on it, the security flaw was employed alongside CVE-2016-3351 by operators of the AdGholas malvertising campaign, analysis and disclosure of which were made with our collaboration with
Publish At:2016-11-19 12:05 | Read:4176 | Comments:0 | Tags:Exploits Vulnerabilities AdGholas CVE Internet Explorer malv

VERT Threat Alert: November 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-698 on Wednesday, November 9th.Ease of Use (published exploits) to Risk TableAutomated Exploit   MS16-132MS16-135Easy    Moderate    Difficult    Extremely DifficultMS16-129MS16-1
Publish At:2016-11-10 04:46 | Read:5304 | Comments:0 | Tags:Vulnerability Management Adobe Flash internet explorer micro

Microsoft: No More Pick-and-Choose Patching

Adobe and Microsoft today each issued updates to fix critical security flaws in their products. Adobe’s got fixes for Acrobat and Flash Player ready. Microsoft’s patch bundle for October includes fixes for at least five separate “zero-day” vulnerabilities — dangerous flaws that attackers were already exploiting prior to today
Publish At:2016-10-12 06:15 | Read:3498 | Comments:0 | Tags:Other adobe flash player Edge GDI+ internet explorer microso

VERT Threat Alert: August 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-684 on Wednesday, August 10th.EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLEAutomated ExploitEasyModerateDifficultExtremely DifficultNo Known ExploitMS16-100MS16-103 MS16-095MS16-0
Publish At:2016-08-10 09:50 | Read:4095 | Comments:0 | Tags:Vulnerability Management internet explorer microsoft Patch T

Adobe, Microsoft Patch Critical Security Bugs

Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws in Windows and related software. First off, if you have Adobe Flash Player Installed and haven
Publish At:2016-07-13 14:50 | Read:3500 | Comments:0 | Tags:Time to Patch adobe chrome Edge firefox Flash version 22.0.0

Personal Security: Why you Should Update your OS & Internet Browser TODAY

  If you’re one of the people who is still stubbornly holding onto Windows XP (which stopped receiving support and security updates as of April 8, 2014), it’s time to let go. Likewise, if you’re using an outdated version of your preferred internet browser, it’s time to update. Right now. Why? In both scenarios, you’re putti
Publish At:2016-03-18 01:50 | Read:6702 | Comments:0 | Tags:Thought Leadership browser security Browser Update Chrome Fi

Adobe, Microsoft Push Critical Updates

Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software. Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site. The bulk of the security holes plugged in th
Publish At:2016-03-11 07:20 | Read:4007 | Comments:0 | Tags:Time to Patch adobe flash player Adobe Reader Update Edge in

Microsoft Patch Tuesday – March 2016

Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, W
Publish At:2016-03-09 08:15 | Read:3163 | Comments:0 | Tags:Threat Research internet explorer Microsoft office patch tue

The InfoSecond, Week of Jan. 25: Cybercrime Predictions, Health Apps in Trouble & More!

New week, new… news. In our latest InfoSecond edition, we’re revealing the test results of a health care apps study (spoiler: it’s not good), looking at cybercrime predictions for 2016, identifying Android Trojan malware that’s targeting banking apps, “mourning” the end of life of several Internet Explorer versions, and pr
Publish At:2016-01-25 17:05 | Read:3651 | Comments:0 | Tags:Application Security Health Care Android Cybercrime Health C

January Patch Tuesday: Support Ends for Windows 8, Limited for Older IE Versions; 17 Adobe Flaws Resolved

The life cycle of Windows 8, the first operating system Microsoft intended for both desktop and mobile use, has ended. After this January 2016 Patch Tuesday release, users who have not yet updated/upgraded to Windows 8.1 (which was made available in late 2013) or Windows 10 will stop receiving updates. Updating to Windows 8.1 or 10 is currently free for Wind
Publish At:2016-01-13 04:50 | Read:6008 | Comments:0 | Tags:Vulnerabilities Adobe Internet Explorer Microsoft Patch Tues

Microsoft Patches 71 Flaws, Two Under Attack; Warns of Leaked XBox Live Cert

Forgive your local Windows admin if they’re a little shy on holiday cheer in the coming days. Blame instead Microsoft for foisting upon them on Tuesday 71 security patches, including two for vulnerabilities in Office and the Windows kernel currently under attack.Microsoft also issued a separate advisory that warns users of a leaked Xbox Live certificat
Publish At:2015-12-09 06:15 | Read:3150 | Comments:0 | Tags:Microsoft Vulnerabilities IE10 support IE11 Internet Explore

November Patch Tuesday Brings 12 Bulletins, Four Critical

Microsoft today pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution.The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers on practically every build of Windows, Internet Explorer an
Publish At:2015-11-11 09:50 | Read:3827 | Comments:0 | Tags:Microsoft Vulnerabilities Edge Edge patches IE patches Inter


Share high-quality web security related articles with you:)


Tag Cloud