The targeted attack that exploited a previously unknown vulnerability in Adobe's Reader application last month was extremely focused on defense industrial base firms, and affected just a handful of systems, according to a company spokesman.
Exploit code for a recently patched denial-of-service (DoS) vulnerability that affects Microsoft's ASP.NET Web development platform has been published online, therefore increasing the risk of potential attacks.
Microsoft has released the following updates: Update for Windows Mail Junk E-mail Filter for x64-based Systems [January 2012] (KB905866), Update for Windows Mail Junk E-mail Filter [January 2012] (KB905866), Microsoft Anti-Cross Site Scripting Library V4.2, Security Update for Windows Server 2008 R2 x64 Edition (KB2631813), Update for Windows XP (KB2632503), Security Update for Windows Server 2008 (KB2646524), Security Update for Windows Server 2003 x64 Edition (KB2598479), Security Update for Windows Server 2008 (KB2644615), Security Update for Windows Server 2008 for Itanium-based Systems (KB2631813), Security Update for Windows Vista for x64-based Systems (KB2598479), Security Update for Windows Server 2008 x64 Edition (KB2598479), Security Update for Windows XP (KB2631813), Security Update for Windows Server 2008 for Itanium-based Systems (KB2598479), Security Update for Windows Vista (KB2598479), Security Update for Windows 7 for x64-based Systems (KB2644615), Update for Windows 7 for x64-based Systems (KB2632503), Security Update for Windows Server 2003 (KB2644615), Security Update for Windows 7 (KB2631813), Security Update for Windows Server 2008 x64 Edition (KB2646524), Security Update for Windows Server 2003 x64 Edition (KB2603381), Security Update for Windows Server 2003 (KB2631813), Security Update for Windows Server 2003 x64 Edition (KB2644615), Security Update for Windows XP x64 Edition (KB2598479), Security Update for Windows Vista (KB2631813), Security Update for Windows Embedded Standard 7 (KB2644615), Security Update for Windows Server 2003 for Itanium-based Systems (KB2646524), Update for Windows Vista for x64-based Systems (KB2632503), Security Update for Windows Server 2008 for Itanium-based Systems (KB2644615), Security Update for Windows Server 2003 x64 Edition (KB2631813), Security Update for Windows Server 2008 x64 Edition (KB2644615), Update for Windows XP x64 Edition (KB2632503), Update for Windows Server 2008 x64 Edition (KB2632503), Security Update for Windows Server 2003 (KB2646524), Security Update for Windows XP (KB2646524), Security Update for Windows Vista for x64-based Systems (KB2644615), Security Update for Windows Vista for x64-based Systems (KB2646524), Security Update for Windows Server 2003 for Itanium-based Systems (KB2638806), Security Update for Windows Vista for x64-based Systems (KB2631813), Security Update for Windows Server 2003 for Itanium-based Systems (KB2631813), Update for Windows Server 2008 R2 x64 Edition (KB2636573), and Security Update for Windows XP x64 Edition (KB2631813)
Seculert Cyber Threat Management has done a lot of research on the Ramnit worm and recently spotted it targeting Facebook accounts stealing over 45,000 logins mostly from the UK and France
This week a program was released to allow brute force cracking of vulnerabilities in wifi protected networks
Microsoft published a Security Bulletin Advance Notification for December 2011
H Online posted a story that a vulnerability in the 64-bit version of Windows 7 may permit attackers to run malicious code with kernel privileges
ComputerWorld posted a story that Adobe plans to release a patch for an older version of the Reader PDF viewer to stymie attacks like those aimed at major defense contractors earlier this month.
Microsoft has released the following security updates: Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2618444), Security Update for Microsoft Office Publisher 2007 (KB2596705), Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2618444), Security Update for Windows Vista for x64-based Systems (KB2621146), Security Update for Windows Server 2003 x64 Edition (KB2620712), Security Update for Windows Server 2003 x64 Edition (KB2621146), Security Update for Windows Vista (KB2621146), Security Update for Windows 7 for x64-based Systems (KB2639417), Security Update for Windows 7 (KB2620712), Security Update for Windows Server 2008 for Itanium-based Systems (KB2639417), Security Update for Windows XP x64 Edition (KB2620712), Security Update for Windows Server 2008 x64 Edition (KB2621146), Security Update for Windows XP (KB2633171), Security Update for Windows Server 2008 R2 x64 Edition (KB2621146), Security Update for Windows XP (KB2624667), Security Update for Windows Vista for x64-based Systems (KB2639417), Security Update for Windows Server 2008 R2 x64 Edition (KB2620712), Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2620712), Security Update for Windows Server 2003 x64 Edition (KB2624667), Security Update for Windows 7 (KB2621146), Security Update for Windows Server 2003 for Itanium-based Systems (KB2639417), Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2620712), and Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2639417)
Microsoft published the Microsoft Security Bulletin Advance Notification for December 2011
Adobe has released patches for a string of critical vulnerabilities in Flash on all of the major supported platforms
Microsoft has released an updated certificate revocation list for Windows
Microsoft released only four new security bulletins for November's Patch Tuesday, but the main concern is that the zero day flaw exploited by the Duqu worm is not addressed by any of them.
Microsoft has released 43 security updates
Microsoft has released a workaround for the Windows kernel zero-day vulnerability exploited by the Duqu malware
Mozilla and Microsoft said Thursday they are revoking trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority (CA)
Microsoft published the Microsoft Security Bulletin Advance Notification for November 2011
Malware exploits Microsoft Windows kernel zero-day vulnerability. Installer file is a Word document.
The Duqu trojan infects systems by exploiting a previously unknown Windows kernel vulnerability that is remotely executable.
Microsoft has released a security update for Windows XP, Windows XP x64 Edition, and Windows Server 2003
The UKs largest telco and ISP BT has been ordered by the High Court in London to block access to a site called Newzbin2 which the Hollywood movie industry claimed was allowing users to access unlicensed material.
PC World posted a story that Sony has suspended 93,000 user accounts on several of its gaming and entertainment networks after unauthorized login attempts on those accounts
Microsoft released the second round of security updates
Microsoft has released 40 security updates for Internet Explorer, Windows, and Unified Access Gateway 2010
The Inquirer posted a story that Microsoft has analyzed the various methods of malware propagation used by attackers during the first six months of 2011 and concluded that zero-day exploits are the least of its concerns.
Microsoft published the Microsoft Security Bulletin Advance Notification for October 2011
ComputerWorld posted a story that Microsoft today said it will issue a Windows security update to plug a long-known hole in the protocol that secures websites.
Microsoft published the second round of security updates
Microsoft has released September 2011 Security Release ISO Image. This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 13, 2011.
Microsoft has released the following updates: Microsoft Office 2011 14.1.3 Update, Security Update for Microsoft Office SharePoint Server 2007 (KB2553002), 64-bit Edition, Security Update for Microsoft Office SharePoint Server 2010 (KB2494022), Security Update for Microsoft Office Groove Server 2010 (KB2508965), Security Update for Microsoft SharePoint Workspace 2010 (KB2566445), 64-Bit Edition, Security Update for Microsoft SharePoint Server 2010 (KB2566958), Security Update for Microsoft Office Forms Server 2007 (KB2553005), 64-bit Edition, and Security Update for Microsoft SharePoint Workspace 2010 (KB2566445), 32-Bit Edition
Computerworld reports that the hacker who calls himself "Comodohacker" said this week that he could have used digital certificates stolen from a Dutch firm to issue fake updates to Windows PCs.
Microsoft published the Microsoft Security Bulletin Advance Notification for September 2011
Computerworld posted a story that hackers are using a new trick to cloak malicious files by disguising their Windows file extensions to make them appear safe to download, a Czech security company warned today.
Microsoft has released an update for the certificate revocation list on Windows systems
Computerworld posted a story that Microsoft said that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.
Microsoft updated Microsoft Security Advisory (2607712): Fraudulent Digital Certificates Could Allow Spoofing to version 2.0
Threatpost posted a story that the Morto worm that began compromising machines via open RDP services this past weekend is continuing its work, going after workstations and servers and creating large amounts of network traffic from TCP port 3389.
Microsoft updated security bulletin MS11-069 to version 1.1
InformationWeek posted an article what Microsoft's final security review team learned during the three-month code review of Windows Vista
Threadpost reports that the maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved.
Microsoft updated security bulletin MS11-063 to version 1.1
Threatpost reports that there has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments
Analysis: Think Windows is insecure? You're wrong, says security firm Kaspersky.
Microsoft updated the following 3 security bulletins:: MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532) - Version:1.1, MS11-059 - Important: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656) - Version:1.1, and MS11-045 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) - Version:1.1
Computerworld posted a news story that Microsoft has patched a security vulnerability dubbed "Ping of Death."
Microsoft published the Microsoft Security Bulletin Re-Releases for August 2011
Microsoft published the Microsoft Security Bulletin Summary for August 2011
Microsoft has published the second roundup of updates
Microsoft just released 36 security updates
Computerworld posted a news story that Microsoft this week urged users to keep an oft-criticized Windows security feature turned on, even as it said that more malware is disabling the tool.
