patch

26 Windows, Office holes patched in 13 bulletins

Microsoft fixed 26 vulnerabilities in 13 security bulletins as part of its Patch Tuesday, including critical ones for Windows that could be exploited to take control of a computer and one that has resided in the 32-bit Windows kernel since its release 17 years ago.

The top priorities for deployment are bulletins plugging holes in the SMB (Server Message Block) Protocol, Windows Shell Handler, ActiveX via Internet Explorer, DirectShow, and the 32-bit version of Windows, Jerry Bryant, a lead senior security communications manager at Microsoft, wrote in a blog post.

The DirectShow bulletin should be at the top of the … Read more

Microsoft to patch 26 holes in Windows, Office

Microsoft will patch 26 holes next week, including critical ones in Windows, one affecting the kernel of 32-bit versions, and several holes in Office, the company said Thursday in a preview of its Patch Tuesday.

Five of the 13 bulletins affect vulnerabilities that could lead to remote code execution and they are rated critical. The bulletins affect Windows 2000, XP, Vista, and Windows 7, as well as Server 2003 and 2008, Office XP, Office 2003 and Office 2004 for Mac, according to the advisory.

"The Office-related bulletins are both rated Important and would require user action to be exploited (… Read more

Apple patch plugs iPhone, iPod Touch holes

Apple issued a patch on Tuesday for the iPhone and iPod Touch that plugs five holes, including several that could allow an attacker to take control of the device remotely.

Three of the vulnerabilities could allow someone to run code remotely, if an iPhone or iPod Touch user opened malicious audio or image files, or accessed a malicious FTP (File Transfer Protocol) server, Apple said.

Another vulnerability could allow someone with physical access to one of the devices to bypass the passcode on a locked device and access the data.

The patch affects iPhone OS 3.1.3 and iPhone … Read more

Fixes in for Windows 2000, Adobe Reader

Microsoft patched a critical hole in Windows 2000 on Tuesday that could allow an attacker to take control of a computer if a user viewed a maliciously crafted Embedded OpenType font in Internet Explorer, Office PowerPoint, or Word.

The security bulletin is rated "low" severity for Windows 7, Vista, XP, Server 2003, and Server 2008 operating systems, according to the Microsoft advisory, which gave credit for discovering the vulnerability to a Google researcher.

According to Microsoft's Exploitability Index, the hole is rated "2" which means "inconsistent exploit code likely" while "exploitation of … Read more

Microsoft, Adobe prep critical security patches

Microsoft will issue one bulletin on Patch Tuesday next week that is rated "critical" for Windows 2000.

The patch is designed to address a vulnerability that could allow an attacker to take control of a computer by remotely executing code on it, according to an advisory released Thursday. It is rated "low" severity for Windows 7, Vista, XP, Server 2003, and Server 2008 operating systems.

Meanwhile, Adobe Systems is scheduled to release a patch for a vulnerability in Adobe Reader and Acrobat on Tuesday that was discovered in mid-December and which is being exploited by attacks … Read more

Microsoft plugs zero-day IE hole

Microsoft released fixes on Tuesday for critical vulnerabilities in Internet Explorer, including one for which exploit code has been released.

Adobe, meanwhile, was scheduled to release a critical update affecting Flash Player and Adobe AIR, following news of exploit code being released for a vulnerability in Illustrator CS3 and CS4 on Windows and Mac last week.

Microsoft's regular Patch Tuesday release includes six security bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server, and Office.

However, priority should be given to the cumulative IE bulletin, which affects all major Windows versions including Windows 7, IE 6, IE 7, and … Read more

Microsoft to plug critical IE hole targeted by exploit code

Microsoft said on Thursday that it will offer six updates for 12 vulnerabilities next week including a critical hole in Internet Explorer that affects Windows 7 and other current versions of the operating system for which exploit code has been released.

Late last month, Microsoft said it was investigating an IE vulnerability after someone released proof-of-concept code affecting IE 6 and IE 7 that could be used to take control of computers.

Microsoft described the problem in an advisory issued November 23: "The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions … Read more

Microsoft: November security updates are fine

Microsoft said Tuesday that its investigation has turned up no evidence that anything in its November security updates should be causing users to encounter a so-called "black screen of death."

"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that that are resulting in system issues for some customers," Microsoft security response communications lead Christopher Budd said in a statement. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described … Read more

Microsoft investigating 'black screen of death'

Microsoft said on Monday that it is looking into reports that its latest security updates are causing some serious problems for certain users.

The problem has been dubbed the "black screen of death" because those affected are left with a black desktop and little else on their screen.

"Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers," the software maker said in a statement. "Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues. "

The issue … Read more