http://krebsonsecurity.com/2014/03/adobe-microsoft-push-security-updates/
By Brian Krebs
Krebs on Security
March 11, 2014
Adobe and Microsoft today each released software updates to fix serious
security flaws in their products. Adobe pushed an update that plugs a pair
of holes in its Flash Player software. Microsoft issued five updates,
including one that addresses a zero-day vulnerability in Internet Explorer
that attackers have been exploiting of late.
Microsoft’s five bulletins address 23 distinct security weaknesses in
Microsoft Windows, Internet Explorer and Silverlight. The Internet
Explorer patch is rated critical for virtually all supported versions of
IE, and plugs at least 18 security holes, including a severe weakness in
IE 9 and 10 that is already being exploited in targeted attacks.
Microsoft notes that the exploits targeting the IE bug seen so far appear
to perform a check for the presence of Microsoft’s Enhanced Mitigation
Experience Toolkit (EMET); according to Microsoft, the exploits fail to
proceed if EMET is detected. I’ve recommended EMET on several occasions,
and would encourage any Windows users who haven’t yet deployed this tool
to spend a few minutes reading this post and consider taking advantage of
it to further harden their systems. The latest version — 4.1 — is
available at this link and requires Microsoft’s .NET Framework 4 platform.
For those of you who don’t mind beta-testing software, Microsoft has
released a preview version of the next generation of EMET — EMET 5.0
Technical Preview.
This month’s updates include a fix for another dangerous bug – deep within
the operating system on just about every major version of Windows – that
also was publicly disclosed prior to today’s patches. Microsoft’s Technet
Blog has more details on these and other bulletins released today.
[...]
--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
