Microsoft has delivered on its promise and has issued a security update for Internet Explorer to address the zero-day memory-corruption vulnerability in versions 9 and earlier that is currently being exploited in attacks. The update also takes care of four privately disclosed vulnerabilities that are currently not being exploited.
In addition to this, Microsoft has also released an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012, in order to close two vulnerabilities that could allow remote code execution.
One of them, CVE-2012-1535, is currently being exploited by the Elderwood gang, a hacker group whose activities have been recently exposed by Symantec researchers.
"We recognize there has been some discussion about our update process as it relates to Adobe Flash Player. Microsoft is committed to taking the appropriate actions to help protect our customers and we are working closely with Adobe to deliver quality protections that are aligned with Adobe’s update process," commented Yunsun Wee, director of Microsoft Trustworthy Computing.
He also announced that with respect to Adobe Flash Player in Internet Explorer 10, users can expect regular updates on a quarterly basis, and additional unscheduled updates if the threat landscape requires it.
"Internet Explorer zero-days have been very rare in recent months. The last IE zero-day was in December of 2010 and it was patched in the February, 2011 patch Tuesday. The good news is that zero days are becoming far less frequent across all Microsoft products," Andrew Storms, director of security operations for nCircle, commented for Help Net Security.
"Microsoft’s ability to go from advisory to patch release so quickly demonstrates their commitment to providing customers with a secure computing environment. Earlier this year, Microsoft stated that they had enough resources to deliver an IE patch every month if necessary. Those additional resources certainly helped them deliver this patch in record time."
Users who have not enabled automatic updating are advised to manually check for updates and download and install both of today's updates as soon as possible.







