Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

Technical details of the targeted attack using IE vulnerability CVE-2013-3918

Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s UpdateTuesday release and to clarify some details about the second vulnerability reported.

msrc-blog
#vulnerability#web#mac#windows#git#rce
The October 2013 security updates

This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month’s priority releases (click for larger view).

Microsoft Releases Security Advisory 2887505

Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type.

Lovely tokens and the September 2013 security updates

Helen Hunt Jackson famously wrote, “By all lovely tokens September is here, with summer’s best of weather and autumn’s best of cheer.” I share Helen’s clear adoration for this time of year. As a sports fan, there are so many “lovely tokens” to enjoy. The baseball pennant race is heating up, college and pro football are underway, and various soccer leagues (real football to the rest of the world) continue.

MS13-068: A difficult-to-exploit double free in Outlook

MS13-068 addresses a memory corruption vulnerability accessible by simply previewing a message in the Outlook Preview Pane. As such, we’ve rated this security vulnerability as Critical and we encourage customers to deploy the security update. However, in this case, we believe this particular vulnerability will be difficult to exploit for code execution.

Leaving Las Vegas and the August 2013 security updates

Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each year is the chance to meet and talk with the various people who attend.

The story of MS13-002: How incorrectly casting fat pointers can make your code explode

C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of the complexities that arise from C++ objects, virtual methods, inheritance etc.

Attention Bounty Hunters – The Ramp Up to Black Hat

We’re three weeks into our new world of bounties for Microsoft products now, and as the clock ticks down on one program, we’re prepping for some live excitement with one of the others. First, the Internet Explorer 11 Preview Bounty is entering its final 10 days; the bounty period for that program closes on the 26th of July.

A new policy for store apps and the July 2013 security updates

There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates.

New Bounty Program Details

Today we announced the upcoming Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty program. It’s very exciting to finally take the wraps off of these initiatives and we are anticipating some great submissions from the security research community! These programs will allow us to reward great work by researchers and improve the security of our software – all to the benefit of our customers.