Internet Explorer

(get it in RSS or Atom)

May Patch Tuesday critical for users of Internet Explorer and web-based services

by Chester Wisniewski on May 14, 2013 | 3 Comments
Patch Tuesday

Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.

Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.

Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day

by Paul Ducklin on May 9, 2013 | 4 Comments
fixit-250

The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.

Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...

Microsoft fixes 9 flaws, Adobe 3 in April's Tuesday update

by Chester Wisniewski on April 9, 2013 | 3 Comments
Patch Tuesday

As expected Microsoft released seven important and two critical fixes for Windows, Internet Explorer and other Microsoft products. Adobe followed suite releasing fixes for ColdFusion, Flash and Shockwave. Patch now!

Monday review - the hot 17 stories of the week

by Anna Brading on April 8, 2013 | Leave a comment
Monday review - the hot stories of the week

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Microsoft to issue 9 security updates on Tuesday, critical for all IE versions, reboot required

by Paul Ducklin on April 7, 2013 | 12 Comments

Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.

If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...

SSCC 105 - HP printers, Google blocks ad blockers, Apple does the 2-step, and more...

by Paul Ducklin on March 27, 2013 | 1 Comment
sscc-105-250

Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 105, discussing a range of recent and newsworthy topics from the world of computer security.

Microsoft to patch security vulnerabilities on Tuesday - including some rated as "critical"

by Lisa Vaas on March 11, 2013 | 7 Comments
Microsoft to patch security vulnerabilities on Tuesday - including some classed as "critical"

Patch Tuesday is bringing seven security fixes, with Microsoft deeming four of them "drop-everything-and-fix-this-now" critical in Windows, IE, Silverlight, Office and Microsoft Server.

Helping users make better security decisions by design

by Chester Wisniewski on March 11, 2013 | 2 Comments
Helping users make better security decisions by design

When we think of secure programs we think about things like buffer overflows, null pointer dereferences and other technical jargon. Adam Shostack of Microsoft explained the importance of designing usable interfaces to help users make smart security decisions at last week's BSides conference in Vancouver Canada.

Firefox and Chrome patched ALREADY after Pwn2own - now the pressure is on for IE and Microsoft!

by Paul Ducklin on March 8, 2013 | 10 Comments
fixit-maybe-250

Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!

That certainly throws down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

by Paul Ducklin on March 8, 2013 | 6 Comments

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

by Paul Ducklin on March 7, 2013 | 14 Comments

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Browser choice - How a "technical error" cost Microsoft over $700 million

by Lisa Vaas on March 7, 2013 | 32 Comments
"Technical error" costs Microsoft €561 million after Europeans not given choice of alternative browsers

"OK, Microsoft... no more Mr. Nice Guy," the European Commission said to the company that just can't seem to figure out how to give PC users a browser choice.

Find a new way of exploiting Chrome, IE, Java, etc.. and you could win millions of dollars

by Graham Cluley on March 6, 2013 | 2 Comments
Find a new way of exploiting Chrome, IE, Java, etc.. and you could win millions of dollars

Security researchers are gathering in Vancouver at the CanSecWest conference, in the hope of winning substantial cash prizes for finding exploitable vulnerabilities in the likes of Chrome, Internet Explorer and Java.

Monster super-critical Patch Tuesday for February 2013

by Chester Wisniewski on February 12, 2013 | 16 Comments
Monster super-critical Patch Tuesday for February 2013

Microsoft has released 12 patches covering 56 vulnerabilities as part of the February monthly "Patch Tuesday" update. Five of these patches are rated critical and code allow criminals to drive-by install malware onto Windows systems.

Microsoft readies monster-sized security patch for Windows users

by Graham Cluley on February 8, 2013 | 26 Comments
Microsoft readies monster-sized security patch for Windows users

Patch Tuesday is approaching, and for users of Microsoft's software it's going to be a monster.

Make sure that you patch Internet Explorer as soon as possible.

IE 10 is more secure, so here's a Microsoft tool to prevent you updating by mistake

by Paul Ducklin on February 1, 2013 | 14 Comments
IE 10 is more secure, so here's a Microsoft tool to prevent you updating by mistake

Ironically, Microsoft is making sure that as soon as Internet Explorer 10 is ready on Windows 7, you're already ready to avoid it.

A sort-of "lesser of two evils" solution for change control conservatives.

PWN2OWN - hack the Big Four browsers in public and go home with half a million dollars

by Paul Ducklin on January 22, 2013 | 4 Comments
targets-250

Only six weeks to go until PWN2OWN 2013, where you can hack the Big Four browsers and the Big Three plugins, and win over half a million dollars.

But is it just about the money?

Paul Ducklin investigates...

Internet Explorer zero-day exploit found on more websites. Fingers point towards Elderwood Project

by Graham Cluley on January 7, 2013 | 3 Comments
Internet Explorer zero-day exploit found on more websites. Fingers point towards Elderwood Project

SophosLabs, has uncovered two new sites which have been hit by the recently discovered Internet Explorer zero-day vulnerability - a community seeking independence from China, and an Iranian oil firm's website.

Turkish Certificate Authority screwup leads to attempted Google impersonation

by Chester Wisniewski on January 4, 2013 | 2 Comments
shutterstock_brokenpadlock250

Another Certificate Authority has been caught out having issued certificates that were being used to impersonate Google. Does the SSL padlock not mean we are safe anymore?

Zero day vulnerability in Internet Explorer being used in targeted attacks, FixIt now available

by Chester Wisniewski on December 31, 2012 | 17 Comments
Microsoft releases fix for Internet Explorer security hole, full patch coming Friday

Microsoft has released an advisory on a new zero day attack against users of Internet Explorer. While a Fixit is available it may be best to avoid using IE for awhile.