Posts tagged as:

Browser

Microsoft Security Advisory (981374)

by certifiedbug on March 9, 2010

in Microsoft

TechNet

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.

http://www.microsoft.com/technet/security/advisory/981374.mspx

{ 0 comments }

win32hlp and Internet Explorer issue

by certifiedbug on February 28, 2010

in Microsoft

The Microsoft Security Response Center (MSRC)
Sunday, February 28, 2010

On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.

The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.

Article: http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Microsoft is investigating the issue and will provide more information as it becomes available.

{ 0 comments }

Advance Notification for Out-of-Band Bulletin Release

January 20, 2010

The Microsoft Security Response Center (MSRC)
Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled [...]

Read the full article →

Security Advisory 979352 update will be released Out of Band

January 19, 2010

MSRC TEAM
Tuesday, January 19

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.
We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an [...]

Read the full article →

Microsoft Advisory 979352 Update

January 18, 2010

MSRCTEAM
Monday January 18
Current threat landscape for Security Advisory 979352
As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.
We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the [...]

Read the full article →

Microsoft Security Advisory 977981

November 23, 2009

Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: November 23, 2009
Version: 1.0
Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that Internet Explorer 5.01 Service [...]

Read the full article →

Grab bag

March 13, 2009

Anti-Social Networking
Differences between IE8 Compatibility View and IE7
Completing the Windows Experience with Windows Live
TinyURL usage becoming more common in Phishing and IM Attacks – Harry Waldron – Corporate and Home Security
Conficker.C variant set for April 1st surprise, CA says
Security Updates available for Adobe Reader 9 and Acrobat 9
Foxit version 3.0 fixes serious vulnerabilities in its [...]

Read the full article →

IE8 Blocker Toolkit Available

January 8, 2009

IEBlog
To help our users be more secure and up-to-date, we will distribute IE8 via Automatic Update (AU) and the Windows Update (WU) and Microsoft Update (MU) sites much like we did for IE7. We know that in a corporate environment, the IT organization will often want to delay the introduction of a new browser until [...]

Read the full article →

CSS expressions support ends with IE8 Beta 2

October 17, 2008

IE Blog.
Design criteria such as standard compliance, performance, reliability and security framed the design of IE8 as whole, for new as well as existing features. As a result, CSS expressions are no longer supported in IE8 standards mode. This change was announced previously on the IE blog, however, this post will provide a few more [...]

Read the full article →

Firefox 3.0.3 released to fix bug

September 27, 2008

Fast on the heels of the 3.0.2 release, Mozilla has updated Firefox to version 3.0.3.
Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708)
Download
Release notes

Read the full article →

← Previous Entries