Latest news
Microsoft has delivered on its promise and has issued a security update for Internet Explorer to address the zero-day memory-corruption vulnerability in versions 9 and earlier that is currently being exploited in attacks.The update also takes care of four privately disclosed vulnerabilities that are currently not being exploited.
In addition to this, Microsoft has also released an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012, in order to close two vulnerabilities that could allow remote code execution.
One of them - CVE-2012-1535 - is currently exploited by the Elderwood gang - a hacker group whose activities have been recently exposed by Symantec researchers.
"We recognize there has been some discussion about our update process as it relates to Adobe Flash Player. Microsoft is committed to taking the appropriate actions to help protect our customers and we are working closely with Adobe to deliver quality protections that are aligned with Adobe’s update process," commented Yunsun Wee, director of Microsoft Trustworthy Computing.
He also announced that with respect to Adobe Flash Player in Internet Explorer 10, users can expect regular updates on a quarterly basis, and additional unscheduled updates if the threat landscape requires it.
"Internet Explorer zero-days have been very rare in recent months. The last IE zero-day was in December of 2010 and it was patched in the February, 2011 patch Tuesday. The good news is that zero days are becoming far less frequent across all Microsoft products," Andrew Storms, director of security operations for nCircle, commented for Help Net Security.
"Microsoft’s ability to go from advisory to patch release so quickly demonstrates their commitment to providing customers with a secure computing environment. Earlier this year, Microsoft stated that they had enough resources to deliver an IE patch every month if necessary. Those additional resources certainly helped them deliver this patch in record time.”
Users who have not enabled automatic updating are advised to manually check for updates and download and install both of today's updates as soon as possible.
Spotlight
Information security executives need to be strategic thinkers
Posted on 17 June 2013. | George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.
Large orgs in denial about own security breaches?
Posted on 14 June 2013. | Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.
Vulnerability scanning with PureCloud
Posted on 12 June 2013. | nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.
To hack back or not to hack back?
Posted on 12 June 2013. | If you think of cyberspace as a new resource for you and your organization, it makes sense to protect your part of it as best you can. But is it a good idea?
Reactions from the security community to the NSA spying scandal
Posted on 11 June 2013. | Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
