This vulnerability involves a new variant of the 'File Fragment Reading via .HTR' vulnerability, previous variants of which were discussed...
Showing results 1 to 20 of 280
This month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. A recently disclosed XSS vulnerability remains unpatched, however, and one Windows Server 2003 bug won't be fixed.
Google's security team has disclosed three separate zero-day vulnerabilities on Apple's OS X platform. It seems annoying Microsoft wasn't enough.
A privilege escalation bug being exploited in the wild could turn a normal user into a domain administrator.
UPDATED. I ran the numbers and vulnerabilities in browsers are up this year, as is their severity. We know more about this for Internet Explorer because Microsoft provides the most data.
UPDATED. This Patch Tuesday brings six updates but the first, a Cumulative Update for Internet Explorer, fixes 24 of the vulnerabilities.
This patch eliminates a security vulnerability in Microsoft Internet Information Service. The vulnerability could allow enable an attacker,...
Microsoft has failed to address a remotely exploitable security flaw affecting the most widely used version of Internet Explorer.
The TaskPad feature, which is part of Microsoft Windows 98/NT and BackOffice Server version 4.0, has a vulnerability that runs executables...
WordPad, the free, simple word processor that comes with Windows, is not vulnerable to the zero day RTF bug affecting Word. Will Office 2003 be fixed? [Updated with Microsoft statement.]
Microsoft has not said whether WordPad, the free word processor included with Windows, is vulnerable to the zero day flaw announced yesterday in Microsoft Word.
Windows XP's next-to-last Patch Tuesday saw four updates to it. Office 2003 is also going off support, but no updates were released today for it.
The zero day exploit reported last week as affecting only Internet Explorer 10 also affects IE 9. Microsoft has released a "Fix it".
By running users under standard, non-admin accounts, IT can prevent a very high percentage of Microsoft vulnerabilities from being exploited.
The vulnerability allowed users to create administrative accounts and take over a business' Office 365 implementation.
[UPDATED] 24 vulnerabilities in total are patched in today's round of updates, but four of them are already being exploited in the wild.
[Correction: ] One of the October Internet Explorer vulnerabilities wasn't patched until November
Microsoft has updated one of their security bulletins with the news that one of the vulnerabilities listed in it wasn't actually patched.
October's patches are described in eight bulletins and address problems in Windows, Office, SharePoint Server, Silverlight, and Internet Explorer. One of the IE bugs has been exploited in the wild for some time now.
Microsoft has released 13 security updates for Internet Explorer, Outlook, SharePoint and Windows. 47 vulnerabilities in all are patched, but perhaps the scariest affects Outlook 2007 and 2010.
MS13-061, released on Tuesday to address 3 vulnerabilities in an Oracle component in Exchange Server, causes data to be inaccessible in Exchange Server 2013. Microsoft has pulled the update and released guidance for how to work around the problems it causes.
All versions of Windows and Internet Explorer are vulnerable to one or more critical flaw fixed today. A component of Exchange written by Oracle is also patched, and there are non-security updates as well.
The best of ZDNet, delivered
- 1 33 ways to improve your iPhone's battery life
- 2 Perfectly legal ways you can still get Windows 7 cheap (or even free)
- 3 How much does an iPhone 6 really cost? (Hint: It's way more than $199)
- 4 Seven privacy settings you should change immediately in iOS 8
- 5 So you have an app idea and want to make a bajillion bucks