Archive for April, 2014

Zero day exploit identified for all current versions of Internet Explorer

Monday, April 28th, 2014

On Saturday, April 26, Microsoft provided an announcement of a remote code execution vulnerability that affects all current versions of Internet Explorer (versions 6-11) and that is actively being exploited.  The vulnerability exists in how Internet Explorer manages flash code. No patch is currently available.  See the following URLs for additional information. https://technet.microsoft.com/en-US/library/security/2963983 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html As […]

Heartbleed OpenSSL vulnerability – What is known and what should be done

Friday, April 11th, 2014

This blog entry will attempt to offer some current info (and a little background) on the OpenSSL heartbleed vulnerability that became known to the public late in the day on April 7. Initial announcement – At approximately 5 p.m. Pacific time on Monday, April 7, a vulnerability was identified in the versions 1.0.1 through 1.0.1f […]

Advance notice of patches to be released on April 8

Thursday, April 3rd, 2014

Microsoft has just provided their advance notice of the patches that will be released on Tuesday, April 8.  The information is available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-apr  There are four patches scheduled to be released, two of which are designated as CRITICAL.  Critical bulletins are identified as bulletin #1 and #2. Bulletin #1 concerns the zero-day vulnerability […]