Will Microsoft ever bother to squash this security bug?
There's a zero-day security flaw in Internet Explorer that's been known for at least the last 7 months, yet Microsoft has yet to release a patch. Perhaps it never will -- after all, IE8 is the last version of Microsoft's browser to support Windows XP, which itself is now an unsupported operating system. Alternately, Microsoft might just be having a really tough time with this one -- the Redmond outfit doesn't have a whole lot to say on the matter.
Windows XP support is entering its final stages. This coming Tuesday will see the release of some of the last security patches for the operating system which, despite its advanced age, still commands a sizable share of the PC market and simply refuses to die.
Latest security bulletin addresses three vulnerabilities
February is proving to be a very busy month for those tasked with the unenviable task of plugging Flash Player holes at Adobe. The Adobe Product Security Incident Response Team (PSIRT) on Tuesday announced the availability of new security updates for the Flash Player. This is the third time this month that the company has had to release security updates for the ubiquitous plugin.
Microsoft Security Essentials has done it again. For the second time since its inception, the free antivirus software from Microsoft finds itself without German security and antivirus research outfit AV-TEST’s seal of approval, having failed in the latest of the firm’s bimonthly certification tests.
Russian security firm Group-IB claims to have uncovered a critical Adobe Reader vulnerability that is currently being exploited in the wild by attackers in order to circumvent the ubiquitous PDF viewer’s sandbox, a security feature Adobe first introduced as part of Reader X nearly two years ago. Even though this zero-day vulnerability is said to have a few “limitations”, they don’t seem to be crippling enough to stop it from being sold on the black market for anywhere between $30,000 and $50,000.
Friday saw the release of a critical out-of-band patch for Internet Explorer from Microsoft. The security update (MS12-063) addresses as many as five vulnerabilities, but none more important than the critical zero-day bug (CVE-2012-4969) that was made public by French researchers earlier this week, and one which even prompted Germany’s Federal Office for Information Security (BSI) to issue an advisory requesting German citizens to stay away from IE. The Redmond-based company has also released a security update for Adobe Flash IE 10.
Microsoft today issued an advance notification of this month’s “Patch Tuesday” security updates for Windows and other software developed by it. According to its security bulletin advance notification for July 2012, Microsoft will deliver three “critical” and twice as many “important” security updates next Tuesday. Hit the jump for more.
Adobe issued a security update to address a “critical” zero-day vulnerability (CVE-2012-0779) in its Flash Player browser plugin this past Friday. The said vulnerability, according to Adobe, is already being exploited in the wild.