Site Archives
Internet Explorer Out-of-Band Patch Released
GSA Reference Number: AD100331-01
Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer. The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages. This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately. The Microsoft bulletin can be found here, and the update can be applied through Windows Update.
Malware Infection Methods: Drive-by Downloads
Now that the Internet has been around for some time, users are starting to become more adept at protecting themselves from Web-based threats. Users have learned that certain parts of the Web or Web pages, like advertisements, can pose a security threat and, therefore, will avoid clicking on them. Unfortunately, the malware writers have also noticed the trend and continue to come up with new ways of distributing their malicious applications. The most popular method used for the past year is called Drive-by Downloads. The term Drive-by Download means users become infected simply by surfing an exploited Web page and are completely unaware of the malicious file download occurring in the background. Web browser exploits (such as IE, Firefox, Safari, etc.) and other third party application exploits (such as Adobe Reader, Microsoft Excel, etc.) can potentially allow remote code execution, which can lead to a malicious file download which is completely invisible to the user. Fake pop-ups that look legitimate, often cleverly masqueraded as anti-virus solutions, are also a popular method of tricking a user into either clicking on the pop-up to close it or following the instructions on the pop-up, both of which result in malicious file downloads.
March Microsoft Patch Tuesday
Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution. Both patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office. Gladiator recommends that users immediately apply the Microsoft Office Excel patch. Detailed information for the patches can be found in Microsoft’s March Security Bulletin.
New Internet Explorer Remote Code Execution Vulnerability
GSA Reference Number: AD100302-01
Simply Put: A new Internet Explorer remote code execution exploit has been released. This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003. This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code. In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.
Monthly Archives
Find posts by the month they were written.
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- July 2008
- May 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007