So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets. This is a critical update, a really, really critical […]
windows-security
Windows Registry Infecting Malware Has NO Files
This is a pretty interesting use of the Windows Registry and reminds me a little of the transient drive-by malware used last year against Internet Explorer that left no files either – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. The main difference being, that wasn’t persistent and as it lived […]
Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit
Pretty unusual for Microsoft but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t effect the latest version of Internet Explorer (9) but it effects all the common previous versions (6, 7 & 8) – which still accounts for the majority of […]
Microsoft Patches Critical Security Vulnerabilities In Windows, Office, IE, Exchange & SQL Server
Another huge raft of critical fixes has been pushed out by Microsoft across almost their entire range of products, including client and server side software and the Windows OS itself. It’s been a while since I’ve seen such a huge variety of security issues in one update including 5 critical vulnerabilities. If you are running […]
Microsoft Enhanced Mitigation Evaluation Toolkit (EMET) 3rd Party GUI
We published an article about Microsoft Enhanced Mitigation Evaluation Toolkit (EMET) when it came out back in June 2011. The Native GUI for EMET is in .NET and there are some situations or restricted environments where you may be unable to install .NET or just simple don’t want to use it. This is where this […]