Emergency Flash Player patch fixes zero-day critical flaw

Q: Emergency Flash Player patch fixes zero-day critical flaw

Adobe Systems has released an emergency patch for Flash Player in order to fix a critical vulnerability that attackers are already taking advantage of.

The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code execution.

"Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the company warned in a security advisory Wednesday.

Users are advised to upgrade to Flash Player 23.0.0.205 on Windows and Mac and to version 11.2.202.643 on Linux. The Flash Player runtime bundled with Google Chrome and Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 will be updated automatically through those browsers' update mechanisms.



Emergency Flash Player patch fixes zero-day critical flaw | PCWorld

Read other answers
RELEVANCY SCORE 96.4

Details here; https://helpx.adobe.com/security/products/flash-player/apsb16-36.html

SANS.Org Internet Storm Center story here; https://isc.sans.edu I have the 'click to play' setting enabled so that I know when any Flash content is trying to run in any of my browsers.
 

A:Critical out of band patch for Adobe Flash Player

I've already installed the activex and plugin version (23.0.0.205) in my Windows 7 computers.

---------------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 91.2

Microsoft has issued an emergency update to patch a critical vulnerability that affects all supported versions of Internet Explorer. If you haven't already installed the fix, it's recommended that you do so ASAP as hackers are said to be actively...

Read more
 

A:Microsoft rolls out emergency fix for critical flaw affecting all versions of Internet Explorer

Do NOT install the recommended updates. M$ has secretly hidden an nVIDIA driver there. None of the recommended updates' details say ANYTHING about any of them being a display driver or driver for that matter. After a restart, it even went as far as turning DSR on GLOBALLY (2.00x) and after trying to uninstall the driver and everything with it (physx, 3D etc) the end result was nothing named nVIDIA was in add/remove or Revo Uninstaller.

I did a Clean Custom Install (driver and PhysX only) of the same driver and the proper entries are installed and showing in add/remove.

I have not had a single graphics driver appear in Windows Update until today. Something really freaking fishy is going on. I am running Windows 8.1.
 

Read other 7 answers
RELEVANCY SCORE 90

Redmond defenses neuter exploit code.
A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it isn't reliable enough to force Microsoft to issue an emergency patch.
The exploit, which on Monday was folded into the open-source Metasploit penetration testing kit, is at best successful only 50 percent of the time, said Dave Aitel, CTO of security firm Immunity. Given the burden of releasing out-of-schedule patches, Microsoft is unlikely to do so in this case.



More -
Researcher: No emergency patch for critical Windows bug • The Register

Read other answers
RELEVANCY SCORE 87.6

Adobe has issued an emergency patch for a previously undiscovered vulnerability in Flash Player, which the company says is being exploited in the wild.

The company said Tuesday that the latest update of the popular browser plugin, version 18.0.0.194 for both Windows and Macs, fixes a security hole that could allow a hacker to take over an affected system.

"Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks," the company said in a brief advisory.
 

Article

A:Adobe issues emergency fix for Flash zero-day security flaw

Adobe Flash Player Distribution Download
Adobe Web Players All Downloads

Read other 7 answers
RELEVANCY SCORE 83.6

Critical Flash flaw won't be fixed until next week dated March 15, 2011.

-- Tom
 

A:Critical Flash flaw won't be fixed until next week

thanks for info ...
 

Read other 1 answers
RELEVANCY SCORE 82

Adobe Warns of Critical Flaw in Flash, Acrobat & Reader.

Adobe Systems Inc. warned late Friday that malicious hackers are exploiting a previously unknown security hole present in current versions of its Adobe Reader, Acrobat and Flash Player software.

The company notes that the Flash Player 10.1 Release Candidate, available from this link, does not appear to be vulnerable.

-- Tom
 

A:Adobe Warns of Critical Flaw in Flash, Acrobat & Reader

Thanks Tom xx
 

Read other 2 answers
RELEVANCY SCORE 81.6

Adobe readies emergency patch for Flash zero-day bug exploited in the wild




Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control.

On Tuesday, the tech giant said in a security advisory that CVE-2016-1019, the zero-day security flaw, is a critical issue which exists in Adobe Flash Player 21.0.0.197 and earlier. The bug impacts Windows, Mac, Linux and Chrome operating systems.
The Flash zero-day "could cause a crash and potentially allow an attacker to take control of the affected system" if exploited, according to Adobe.








the exploit is a serious issue, and so Adobe is readying a patch which is due to be released as soon as April 7. In the meantime, users should make sure their version of Flash is as up-to-date as possible.



Adobe readies emergency patch for Flash zero-day bug exploited in the wild | ZDNet

Read other answers
RELEVANCY SCORE 80.8

Adobe Flash  21 has been updated to 21.0.0.213
In today's release, we've updated Flash Player with important bug fixes and security updates.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  

 
Direct downloads (no bundled junk) for Windows 7 and earlier:

Internet Explorer - http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_active_x.exe
Plugin-based browsers (Firefox etc) - http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_plugin.exe
Uninstaller (if needed): http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Documentation: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/flash-player/release-note/fp_21_air_21_release_notes.html
 

A:Updates 4/7/16 - Flash: Emergency update to patch RANSOMWARE vulnerability

http://www.reuters.com/article/us-adobe-systems-cyber-ransomware-idUSKCN0X502K
[This] emergency update [for] Flash software [patches] a security flaw that was being exploited to deliver ransomware to Windows PCs.
The software maker urged the more than 1 billion users of Flash... to update the product as quickly as possible after security researchers said the bug was being exploited in "drive-by" attacks that infect computers with ransomware when tainted websites are visited.
Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.

Read other 2 answers
RELEVANCY SCORE 80.4

The vulnerability is located in the VLC component responsible for playing ASF (Advanced Streaming Format) video files, VideoLAN, the non-profit organization that develops the media player, said in a security advisory published on its website. Vulnerability research and management firm Secunia rated the flaw as highly critical and said its successful exploitation could allow the execution of arbitrary code. The flaw can be exploited by tricking a user into opening a specially crafted ASF file. VideoLAN advises users to refrain from opening files from untrusted locations and to disable the VLC browser plug-ins until the issue is patched. By default, VLC installs plug-ins for Mozilla Firefox, Internet Explorer, Google Chrome, Apple Safari, Opera and Konqueror. The plug-ins allow the playback of video files embedded into Web pages. An alternative solution is to manually delete the vulnerable libasf_plugin.dll file from the VLC installation directory, VideoLAN said. This will disable the software's ability to play ASF videos until a patched version of the file is reinstalled during a software update...More @ Source

Read other answers
RELEVANCY SCORE 78

Adobe Systems Inc. repaired 20 vulnerabilities in its Shockwave Player in a critical update issued late Tuesday that blocks attackers from remotely exploiting the flaws.

The holes were identified in Adobe Shockwave Player 11.5.7.609 running on Microsoft Windows and Apple Mac OS X. Adobe said it knew of no ongoing attacks against the flaws in the wild. The update repairs more than a dozen memory corruption vulnerabilities and several denial-of-service flaws.

Adobe Shockwave Player is used as a plug-in in hundreds of millions of Web browsers and has been a favorite target of attackers in recent years. In a recent interview, Brad Arkin, senior director of product security and privacy at Adobe, said the company has been increasing its transparency on its software security processes and investing in ways to better protect users from attacks. The majority of users that fall victim to attacks fail to keep the software up to date, he said.

http://searchsecurity.techtarget.com/news/...1519111,00.html

Adobe Security Bulletin: http://www.adobe.com/support/security/bull.../apsb10-20.html
Shockwave Uninstaller available here: http://www.adobe.com/shockwave/download/alternates/#sp
Reinstall Shockwave from here: http://get.adobe.com/shockwave/
Test your new Shockwave Player here: http://www.adobe.com/shockwave/welcome/

Read other answers
RELEVANCY SCORE 77.6

Everyone,

Adobe is releasing a critical patch Tues Dec 8 for Flash

http://threatpost.com/en_us/blogs/critical-adobe-flash-patch-coming-120409
 

A:Critical Adobe Flash patch Dec 8 2009

thanks!
 

Read other 2 answers
RELEVANCY SCORE 76.4

This one may have been missed in the 'excitement' of Microsoft Patch Tuesday; https://helpx.adobe.com/security/products/shockwave/apsb15-22.html
 

Read other answers
RELEVANCY SCORE 76

Adobe is releasing an emergency patch for Flash after spotting a critical flaw that is now being "actively exploited" in the wild.
Users of Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier are vulnerable to an externally forced shutdown that can be used to mask remote code execution on a target system. The threat was deemed serious enough to issue the patch out of schedule and Adobe hopes to have it out by April 7.
If you're running a version of Flash later than 21.0.0.182 then a mitigation for the attack is already in place.
Full details can be found here

Article
 
Edit: Not sure why the article notes 21.0.0.182 when the Adobe advisory notes 21.0.0.197 and earlier is vulnerable.

A:Adobe preparing critical out-of-band Flash patch:The Register

The Adobe Security Advisory says... A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.

Read other 6 answers
RELEVANCY SCORE 76

http://www.adobe.com/support/security/advisories/apsa10-05.html

We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux and Solaris by November 4, 2010. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010.

Read other answers
RELEVANCY SCORE 75.6

Adobe patch 18 critical holes in Shockwave Player.

Adobe have released Adobe Shockwave Player 11.5.8.612 to close 18 critical holes on Windows and Mac OS X systems. The vulnerabilities, which mostly allow for remote code execution, exist in all versions up to and including Shockwave Player 11.5.7.609.

-- Tom
 

A:Adobe patch 18 critical holes in Shockwave Player

hi, beware norton scan option through firewall.

if unsure when stopped by firewall, check> username\appdata\local\SCCLog.txt
 

Read other 3 answers
RELEVANCY SCORE 74.8

Who should read this bulletin:

Customers using Microsoft® Windows Media™ Player 6.4, 7.1 or Windows Media Player for Windows XP.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-032.asp

Take care! angelize56
 

A:Critical-Cumulative Patch for Windows Media Player (Q320920)

Please read this first before you download. Ouch!
http://www.theregister.co.uk/content/4/25956.html
 

Read other 3 answers
RELEVANCY SCORE 73.6

http://myonlinesecurity.co.uk/emergency-band-flash-player-update/
Go & update NOW!!!
 

A:Emergency out of band Flash player update

Thanks
 

Read other 1 answers
RELEVANCY SCORE 70

INTERNET SOFT UNDERBELLY Adobe Flash has been flushed with a range of updates that should make it less onerous for at least four weeks.
The patch whack on the software is a big one, and sees Adobe level 79 fixes at it and its users. There is some argument that reckons that Flash should be linked with a sack, some rocks and the sea, but Adobe insists on patching up its old pal.
This is the last of the Adobe releases this year, so you might assume it is something of a best of. It is not, it is a package of bandages that cover threats that can be considered critical and thus urgent.
Judging by the noises coming from the security commentary community, these are not patches that you want to sit on so get applying.
 

The update has been out for a few days but I thought I would post this to make people aware of the update.
 
Article

A:Adobe Flash Player update includes 79 fixes, for crying out loud:The Inquirer

Hi,
 
On this site news http://www.bleepingcomputer.com/news/security/adobe-patches-78-vulnerabilities-in-todays-flash-update/ posted on 8/12/2015

Read other 4 answers
RELEVANCY SCORE 68.4

US-Cert reports a critical vulnerability in Macromedia Flash Player may allow an attacker to take control of a computer or cause it to crash if an attacker can convince any user to visit a malicious web site.

Microsoft has issued a patch for Windows users who currently have Flash Player 6.0.79 or earlier installed: http://www.microsoft.com/technet/security/...n/MS06-020.mspx

Users who have upgraded to MFP 7 or above are advised to download and install the latest version of the Flash player:

Adobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to the new version 8.0.24.0, which can be downloaded from the Player Download Center. For customers that cannot upgrade to Flash Player 8, please refer to the Flash Player 7 update TechNote.
http://www.adobe.com/devnet/security/secur.../apsb06-03.html

The latest version (8,0,24,0- - -930 K) can be downloaded here: http://www.adobe.com/shockwave/download/do...=ShockwaveFlash

Regards,
John

Read other answers
RELEVANCY SCORE 68.4

A heads-up for anyone that doesn't have Flash player set to update itself; https://www.adobe.com/support/security/bulletins/apsb12-19.html
 

A:Critical update for Adobe Flash player!!

Read other 6 answers
RELEVANCY SCORE 68

Flash Player update available to address security vulnerabilities
CVE number: CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
Platform: All platforms

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

Read other answers
RELEVANCY SCORE 68

Critical Vulnerability Fixed in Adobe Flash Player
Recently, Adobe released a patch, which fixes multiple vulnerabilities for Adobe Flash Player.

Since Adobe Flash Player is used in enterprise environments and some of the reported vulnerabilities may allow code execution, my Binary Analysis team has spent some time analysing the patch in order to properly understand the fixed vulnerabilities.

In the advisory from Adobe, two vulnerabilities are listed as potential code execution vulnerabilities. For the first vulnerability (CVE-2009-0520), it is stated that a buffer overflow "could potentially allow an attacker to execute arbitrary code". For the second vulnerability (CVE-2009-0519), it is stated that an input validation error "leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible".

It turns out that at least one of them is quite nasty and does indeed allow remote code execution in a very reliable manner.

Due to the limited publicly available information, we cannot be certain whether the vulnerability analysed is CVE-2009-0520, CVE-2009-0519, or even a third, silently fixed vulnerability.

However, we are certain that the vulnerability is related to how callback functions are handled and may result in data in arbitrary memory being treated as an object. S... Read more

Read other answers
RELEVANCY SCORE 67.2

Microsoft Confirms, Fixes Passport Flaw July 1, 2003

The software vendor says few accounts were jeopardized by the .Net Passport vulnerability.
By George V. Hulme

A flaw in Microsoft's .Net Passport system may have made the identities behind some user accounts available to attackers who could have taken over the accounts or reset passwords. The flaw was disclosed in a message posted to the security Vulnerability Discussion mailing list last week and confirmed by a Microsoft official Tuesday.
Information Week
 

Read other answers
RELEVANCY SCORE 67.2

Flash Player plug-in - Critical Browser Security Update

For most users the flash player is an integral part of their browser environment (e.g., Internet Explorer, Mozilla Firefox, Opera, etc). While no in-the-wild risks have emerged a serious security risk has been fixed and users should quickly move to the latest version. Since this special update may not be part of Windows Update or other browser automatic updates, it is important to manually update the Flash player to ensure browser safety in the future.

Flash Player plug-in - Critical Browser Security Update
http://isc.sans.org/diary.html?storyid=3126
http://www.adobe.com/support/security/bull.../apsb07-12.html
http://www.f-secure.com/weblog/archives/ar...7.html#00001231

An input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code. This vulnerability could be accessed through content delivered from a remote location via the user's web browser, email client, or other applications that include or reference the Flash Player. (CVE-2007-3456). There are no reported in-the-wild exploits yet, but we might see some soon as enough technical information required to build an exploit has been released publicly for at least a few of these vulnerabilities.

Flash Player v9.0.47 - Download Site
Note - You may want to uncheck the installation of the Google Tool bar
http://www.adobe.com/go/getflash

Read other answers
RELEVANCY SCORE 67.2

Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat dated October 29, 2010.

Well this seems to be a frequently recurring theme, yes there is yet another critical 0day vulnerability in Adobe products – pretty much across the board this time.

Update: Critical Fixes for Shockwave, Firefox.

Adobe Systems pushed out a critical security update for its Shockwave Player that fixes nearly a dozen security vulnerabilities. The software maker also is warning that attackers are targeting a previously unidentified security hole in its Acrobat and PDF Reader products. The latest version is 11.5.9.615.

-- Tom
 

A:Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat

Just updated mine
 

Read other 1 answers
RELEVANCY SCORE 67.2

Adobe has released an emergency update for Flash Player on Windows, Mac and Linux. Current versions have a vulnerability that could potentially allow an attacker to remotely take control of the affected system



More info here:
Update for Vulnerabilities in Adobe Flash Player in IE

I just went into Windows Update and the version for IE within Windows 8 is available already (at least where I am).

A:Adobe issues critical Flash Player update (4th Feb 2014)

Thanks DavidY. First time automatic updates got it before I did. I knew about Adobe patching it this a.m. Got it earlier for Firefox. I figured Microsoft would put it on next week's Patch Tuesday. I did beat automatic updates getting it on my notebook, though.

Read other 1 answers
RELEVANCY SCORE 67.2

Adobe advisory; http://secunia.com/advisories/28161/ (don't forget that there is a version for IE and one for Netscape, Opera, Firefox etc.)

Opera; http://secunia.com/advisories/28169/
 

A:Critical Updates for Adobe Flash Player and Opera browser

Flash Player 9.0.115.0 (IE)

Is it this?
 

Read other 3 answers
RELEVANCY SCORE 65.6

Severity Rating: Critical
Revision Note: V1.0 (February 21, 2017): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. For more information, see the Affected Software section.

Microsoft Knowledge Base Article 4010250.

Read more: Microsoft Security Bulletin MS17-005 - Critical
 

Read other answers
RELEVANCY SCORE 64.4

One of my tech tv programs mentions, 2 weeks ago, a flaw in zone alarm and zone alarm pro which allowed an obscure port to remain open. A patch was promised for both the free edition and the pro edition. I've returned to their site but nothing has been mentioned. Anyone know of this? One worm was enough and I'd like to stay safe!
Thanks
 

A:zone alarm flaw-patch

Read other 6 answers
RELEVANCY SCORE 64.4

I'm trying to install the security update to patch the Sigred DNS vulnerability on our last Server 2008 x86. It's being phased out soon but wanted to patch it regardless.
When I try to install KB4565529-x86 it says, "The Windows Modules Installer must be updated before you can install this package" so I attempted to update the Servicing Stack for 2008 (not R2) which leads me to KB955430-x86 but that also errors out saying that "This update does not apply to your system".
How can I get this patch installed? I've already created the script below to put the temp fix in place but want to make sure the patch gets installed as well.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Read other answers
RELEVANCY SCORE 64

Don't know if this belongs here or not.
IE Flaw 'extremely critical'

This one goes to 11
By Nick Farrell: Tuesday 29 November 2005, 08:32

AN UNPATCHED vulnerability on Internet Explorer is so bad that security expert Secunia has had to add a new category of danger to its rating system.
Instead of being just critical, Secunia says that the unpatched hole is now 'extremely critical' which means that Microsoft were extremely stupid to sit on it for six months.

To be fair to Vole, even Secunia just thought the flaw would only create a denial of service vulnerability when they discovered it in March. DoS vulnerabilities are pretty much ten a penny. However the flaw is caused when IE fails to correctly initialize the JavaScript "Window()" function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.

However, now S. Pearson, of computerterrorism.com, has worked out that if a Javascript prompt box was of the right size and form to allow the insertion of custom shellcode a remote attacker can execute arbitrary code embedded into an otherwise normal looking Web page.

You can have a look at it in action at www.computerterrorism.com.

There is more on the turning of the screw, here. µ

http://www.theinquirer.net/?article=27992
For more, click here.
 

Read other answers
RELEVANCY SCORE 64

9 March 2007

A serious flaw was found in opensource encryption software GNU Privacy Guard (GPG). It allows a cybercriminal to launch a phishing attack. The flaw allows to insert text in trusted e-mail. Ivan Arce from Core Security, who discovered the vulnerability says attacker can insert malware or lead user to malicious website. Arce decided to inform of the flaw because it was patched two weeks ago. It affects email clients like Kmail, Evolution, Sylpheed, Mutt and GNUMail, so its users should install patches as soon as possible.

Source: http://www.arcabit.com/infobase.html?show=...ion&id=1154

Read other answers
RELEVANCY SCORE 63.6

Hi All,
You can read about it here.
Barry
 

A:Microsoft Releases Patch for Windows Flaw

Run a scan at the Windows Updates site and the KB912919 patch should appear in the critical updates section.

Microsoft has released it 5 days early.

-------------------------------------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 63.6

http://www.pcworld.com/article/20489...tml#tk.rss_all

This article explains it, it is just a fix it for now

A:Fix it for emergency patch to IE

here is another article on it

Microsoft: IE Zero Day Flaw Affects All Versions — Krebs on Security

there is a MS Fixit but it seems if you use it will disable some functions in ie
Microsoft is actually saying to use another browser till they issue a Windows update

Read other 5 answers
RELEVANCY SCORE 63.2

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

In recent months Firefox has gained significant market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser.
Two Vulnerabilities Found

The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate... Read more

Read other answers
RELEVANCY SCORE 63.2

Matthew Broersma, Techworld.com
Mon May 9,11:00 AM ET

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

Critical Flaw Found in Firefox
 

A:Critical Flaw Found in Firefox

Also reported here http://news.bbc.co.uk/2/hi/technology/4532127.stm

Regards - Oldie
 

Read other 3 answers
RELEVANCY SCORE 63.2

On 12/22/2004, an update for Winamp was published to fix a critical security flaw. Go to http://www.winamp.com and download Winamp 5.08c to fix the problems.

This fix is required for ALL versions of Winamp prior to 5.08c. To determine your version, open Winamp, click Help > About Winamp and check the version number at the bottom of the resulting screen.
 

Read other answers
RELEVANCY SCORE 63.2

Thursday, July 17, 2003 Posted: 10:39 AM EDT (1439 GMT)

WASHINGTON (AP) -- Microsoft acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

Truly trustworthy?

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

Found in Poland

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Se... Read more

Read other answers
RELEVANCY SCORE 62.8

There is a fix it patch for a major vulnerability in IE 32 bit
You can read it here
http://www.pcworld.com/article/20489...tml#tk.rss_all

A:MS has released an emergency patch for IE

Here is another article on it:

Microsoft: IE Zero Day Flaw Affects All Versions — Krebs on Security

There is an MS Fix it, but it seems that if you use it, it will disable some functions in IE.
Microsoft is actually saying to use another browser until they issue a Windows update.


An Egyptian bug hunter discovered that the Avira website is affected by a CSRF flaw that allows attackers to hijack users' accounts and access their online backup.

 

A:Avira – Critical CSRF flaw Vulnerability

news section - posted
http://malwaretips.com/threads/avira-vulnerability-puts-users-online-backup-data-at-risk.33790/
 


...When discussing about three critical Excel vulnerabilities disclosed during one week in last month, only the first was patched with Tuesday's updates... Microsoft had time enough to fix all of these issues. But they only fixed the "Repair Mode" issue used to targeted attacks by Booli.A....

http://blogs.securiteam.com/index.php/archives/506

A:Microsoft Patched Only The Most Critical Excel Flaw

Not surprising.
They were probably too exhausted to work on the other 3.
After all, don't MS employees spend all of their time working on patches for vulnerabilities?
Stands to reason that they'd have to take a break, sometime.


Trend Micro has warned its users of a "critical" flaw in a wide range of its software products that could cause computers to crash.

Most users should be fine, according to Mike Sweeny, a spokesman for Trend Micro, an antivirus and security software company with global headquarters in Tokyo. A fix for the flaw was included in automatic updates and the software is set to call in for an update at least once a day. Sweeny says users cannot set the updates for any longer period of time than once a day.

http://www.informationweek.com/security/sh...cleID=197004643

A:'critical' Trend Micro Flaw Could Cause Crashes

Grinler already posted about this: Highly-critical Flaw Discovered In Trend Micro Products


Article:

http://news.com.com/2100-1009_3-1026420.html?tag=lh
 

A:Microsoft warns of critical Windows flaw

http://forums.techguy.org/t145656/s.html

This should help quite a bit =)

-Z
 


Hackers warn of critical flaw in Firefox

02 October 2006 - Two hackers at the ToorCon hacker conference in San Diego said that they’ve found a critical flaw in Firefox that looks, to them at least, impossible to patch.

The hackers, who have been named as Mischa Spiegelmock and Andrew Wbeelsoi, said that someone could execute an attack simply by creating a webpage with malicious JavaScript code. In most attacks, hackers have to get a computer user to download something to the computer, but in this case, they won’t know what hit them.

Windows users are used to facing security threats, but smug Apple and Linux users aren’t immune to this bug, as it affects all versions of Firefox.

Spiegelmock said that malicious code could create a stack overflow error, and called the implementation “a complete mess”.

Mozilla’s security chief Window Snyder took the presentation completely seriously after watching a video of it; she said Mozilla would “do some investigating”, but isn’t happy about the release of the exploit to the wide world of hackers.

The reason that the flaw is so difficult to patch? It’s in the part of the browser that deals with JavaScript.

After hearing that the two hackers know of another 30 unpatched flaws in Firefox, Jesse Ruderman, a Mozilla security staffer, encouraged them to disclose the bugs to Mozilla, who gives away $500 per vulnerability.

Wbeelsoi simply said, “It’s a double-edged sword, but what we’re doing is really for the greater good of the I...

A:Hackers warn of critical flaw in Firefox


Download patch for: J2SE JRE v 1.4.2_06
Available at: http://java.sun.com/j2se/1.4.2/download.html

The following article at CNET News.com was published about the flaw:

Java flaw could lead to Windows, Linux attacks
Published: November 23, 2004, 12:43 PM PST
By Robert Lemos
Staff Writer, CNET News.com

A flaw in Sun Microsystems' plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs.

...

-- Tom
 
