Trend Micro warns in their blog about malware that exploits MIDI remote code execution vulnerability. Exploiting happens when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file. According to the blog post infection vector is a malicious HTML exploiting the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file and a JavaScript code file.
The exploited vulnerability was already addressed with an update (MS12-004) in Microsoft's last patch Tuesday. To protect against the threat users of affected systems should get this update installed as soon as possible.
More details about the malware in Trend Micro blog.
Saturday, January 28, 2012
Tuesday, January 24, 2012
Chrome Updated
Google has released a new version of their Chrome web browser. Version 16.0.912.77 contains fixes to five vulnerabilities of which one is categorized as critical and four as high.
More information in Google Chrome Releases blog.
More information in Google Chrome Releases blog.
Thursday, January 19, 2012
Oracle Critical Patch Update For Q1 of 2012
Oracle has released updates for their products that fix 78 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in April 2012.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in April 2012.
Saturday, January 14, 2012
ESET Global Threat Report for December 2011
ESET has released a report discussing global threats of December 2011.
TOP 10 threats of 2011 list:
1. INF/Autorun
2. Win32/Conficker
3. Win32/Sality
4. Win32/PSW.OnLineGames
5. HTML/Iframe.B
6. HTML/ScrInject.B
7. Win32/Autoit
8. Win32/Bflient
9. Win32/Tifaut
10. Win32/Spy.Ursnif.A
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
TOP 10 threats of 2011 list:
1. INF/Autorun
2. Win32/Conficker
3. Win32/Sality
4. Win32/PSW.OnLineGames
5. HTML/Iframe.B
6. HTML/ScrInject.B
7. Win32/Autoit
8. Win32/Bflient
9. Win32/Tifaut
10. Win32/Spy.Ursnif.A
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
Wednesday, January 11, 2012
Vulnerabilities In Wireshark
There has been found three vulnerabilities in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerabilities an attacker may be able to make Wireshark crash, hang, or execute arbitrary code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Vulnerable versions are all versions prior 1.4.11 or 1.6.5.
Non vulnerable version of Wireshark can be downloaded here.
More information can be read from these advisories:
- http://www.wireshark.org/security/wnpa-sec-2012-01.html
- http://www.wireshark.org/security/wnpa-sec-2012-02.html
- http://www.wireshark.org/security/wnpa-sec-2012-03.html
Vulnerable versions are all versions prior 1.4.11 or 1.6.5.
Non vulnerable version of Wireshark can be downloaded here.
More information can be read from these advisories:
- http://www.wireshark.org/security/wnpa-sec-2012-01.html
- http://www.wireshark.org/security/wnpa-sec-2012-02.html
- http://www.wireshark.org/security/wnpa-sec-2012-03.html
Tuesday, January 10, 2012
Adobe Reader And Acrobat Security Updates
Adobe has released security updates to fix a bunch of critical vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat.
Affected versions:
*of series X (10.x)
Adobe Reader 10.1.1 and earlier
Adobe Acrobat 10.1.1 and earlier
*of series 9.x
Adobe Reader 9.4.7 and earlier
Adobe Acrobat 9.4.7 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*of series X (10.x)
Adobe Reader 10.1.1 and earlier
Adobe Acrobat 10.1.1 and earlier
*of series 9.x
Adobe Reader 9.4.7 and earlier
Adobe Acrobat 9.4.7 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Microsoft Security Updates For January 2012
Microsoft has released security updates for January 2012. This month update contains seven security bulletins of which one critical and six important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
For consumer the easist way to get the update is to use Microsoft Update service.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
For consumer the easist way to get the update is to use Microsoft Update service.
Monday, January 9, 2012
Fix For WordPress Available
There has been fixed an XSS (cross site scripting) vulnerability in WordPress. The vulnerability could allow an attacker to put malicious content on affected site. Affected are WordPress versions earlier than 3.3.1.
More information can be read from WordPress blog.
More information can be read from WordPress blog.
Saturday, January 7, 2012
Update For Chrome Available
Google has released a new version of their Chrome web browser. Version 16.0.912.75 contains fixes to three vulnerabilities of which all of them being categorized as high.
More information in Google Chrome Releases blog.
More information in Google Chrome Releases blog.
Subscribe to:
Posts (Atom)
