Microsoft patches IE zero-day and Flash flaws in IE 10
Posted on 21 September 2012.
Microsoft has delivered on its promise and has issued a security update for Internet Explorer to address the zero-day memory-corruption vulnerability in versions 9 and earlier that is currently being exploited in attacks.

The update also takes care of four privately disclosed vulnerabilities that are currently not being exploited.

In addition to this, Microsoft has also released an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012, in order to close two vulnerabilities that could allow remote code execution.

One of them, CVE-2012-1535, is currently being exploited by the Elderwood gang, a hacker group whose activities were recently exposed by Symantec researchers.

"We recognize there has been some discussion about our update process as it relates to Adobe Flash Player. Microsoft is committed to taking the appropriate actions to help protect our customers and we are working closely with Adobe to deliver quality protections that are aligned with Adobe’s update process," commented Yunsun Wee, director of Microsoft Trustworthy Computing.

He also announced that with respect to Adobe Flash Player in Internet Explorer 10, users can expect regular updates on a quarterly basis, and additional unscheduled updates if the threat landscape requires it.

"Internet Explorer zero-days have been very rare in recent months. The last IE zero-day was in December of 2010 and it was patched in the February, 2011 patch Tuesday. The good news is that zero days are becoming far less frequent across all Microsoft products," Andrew Storms, director of security operations for nCircle, commented for Help Net Security.

"Microsoft’s ability to go from advisory to patch release so quickly demonstrates their commitment to providing customers with a secure computing environment. Earlier this year, Microsoft stated that they had enough resources to deliver an IE patch every month if necessary. Those additional resources certainly helped them deliver this patch in record time."

Users who have not enabled automatic updating are advised to manually check for updates and download and install both of today's updates as soon as possible.






Copyright 1998-2014 by Help Net Security.