exploit feed

exploit

Posts filed under exploit
2014Mon28Apr

And… Another one. This time in Flash.

Permalink | Shortlink | Comments (0) | TrackbackFiled in Linux, Microsoft, OS-X, SecurityTags: , , , , ,

Look.  Another security exploit.  This time in that bastion of ultimate security.. er.. hang on.. what’s this?  It’s in Flash?  This is news?  Oh, a *NEW* one in Flash.  Got it.

Ok.  Where were we?  Looks like another security vuln in the wild.  This one’s in Flash and effects all three major OSes.  Yep, that’s right you penguins..  Linux is included in this one.  So get your YUM and APT repos spun up and update those boxen.

Krebs has the details here: Adobe Update Nixes Flash Player Zero Day

So there you have it.  Two major web exploitable vulns in two days.  Waiting for the other two shoes to drop; Java and Acrobat.

PS: Is it strange that I’m using a terminal window to cut/paste text from websites to strip it of hidden formatting?  Yes?  It is?  Good.

Posted by scott April 28, 2014 at 8:41 pm
2014Mon28Apr

Code execution flaw in ALL versions of IE since 6.

Permalink | Shortlink | Comments (0) | TrackbackFiled in Microsoft, SecurityTags: , , , ,

April has been the month of monumental holes in security on the net.  First there was Heartbleed (and as always, XKCD has a great explanation of what the Heartbleed vulnerability is: http://xkcd.com/1353/)

Not to be outdone by a mere open source project, Microsoft has announced a new 0-day vulnerability in all versions of IE since IE 6.  How you can call something “0-day” when it’s been there 12 or 13 years I’m still kind of fuzzy on.

As I understand the bug, it allows an attacker to use a specifically crafted html page execute arbitrary code on the user’ machine under the credentials IE was assigned at launch.   If you’re running as an administrator (who does that in Windows??), you’re pretty much wide open.

Microsoft released a tech bulletin about the flaw over the weekend that goes into a bit of depth about the flaw and lists what versions of IE are vulnerable.  Basically all of them.  If you’re running Server 2008 R2 or later, you *should* be ok if you’re still running IE under limited credentials.

The bulletin is here: Microsoft Security Advisory 2963983

Microsoft hasn’t released a patch yet, but I suspect we’ll see something in a day or so as an out-of-band release.  I can’t imagine even Microsoft waiting around for this one.

 

Posted by scott April 28, 2014 at 3:16 pm
Categories
Click to view/hide
Calendar
Click to view/hide
April 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930