Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
As expected Microsoft released seven important and two critical fixes for Windows, Internet Explorer and other Microsoft products. Adobe followed suite releasing fixes for ColdFusion, Flash and Shockwave. Patch now!
Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.
If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...
Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 105, discussing a range of recent and newsworthy topics from the world of computer security.
Patch Tuesday is bringing seven security fixes, with Microsoft deeming four of them "drop-everything-and-fix-this-now" critical in Windows, IE, Silverlight, Office and Microsoft Server.
When we think of secure programs we think about things like buffer overflows, null pointer dereferences and other technical jargon. Adam Shostack of Microsoft explained the importance of designing usable interfaces to help users make smart security decisions at last week's BSides conference in Vancouver Canada.
Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!
That certainly throws down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...
"OK, Microsoft... no more Mr. Nice Guy," the European Commission said to the company that just can't seem to figure out how to give PC users a browser choice.
Microsoft has released 12 patches covering 56 vulnerabilities as part of the February monthly "Patch Tuesday" update. Five of these patches are rated critical and code allow criminals to drive-by install malware onto Windows systems.
Patch Tuesday is approaching, and for users of Microsoft's software it's going to be a monster.
Make sure that you patch Internet Explorer as soon as possible.
Ironically, Microsoft is making sure that as soon as Internet Explorer 10 is ready on Windows 7, you're already ready to avoid it.
A sort-of "lesser of two evils" solution for change control conservatives.
Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.
But is it just about the money?
Paul Ducklin investigates...
SophosLabs, has uncovered two new sites which have been hit by the recently discovered Internet Explorer zero-day vulnerability - a community seeking independence from China, and an Iranian oil firm's website.
Microsoft has released an advisory on a new zero day attack against users of Internet Explorer. While a Fixit is available it may be best to avoid using IE for awhile.