One of the top draws at CanSecWest, the highly regarded Canadian security conference, is the break-the-browser contest known as Pwn2Own.
So can it be coincidence that Apple, Google, and Mozilla updated their browsers just days before the contest?
The most important news this Patch Tuesday was not about a new patch, but the lack of one.
Microsoft announced that it is investigating public reports of a new security threat to Internet Explorer 6 and 7. No IE patch came with the advisory, but the company did include a workaround.
A collision between one of Microsoft’s recent Windows security patches and the rootkit Alureon is giving some PC users the infamous “Blue Screen of Death.”
I previously advised you not to install Microsoft’s security patch MS10-015 until I looked into it in more detail, but now I’m ready to give you the all-clear — with caveats.
Microsoft predicts attacks within 30 days, targeting a hole plugged by this month’s most-important Windows update.
The patch for this vulnerability is rated “Critical” for all client versions of Windows and for most server editions as well.
Microsoft released an out-of-cycle patch to remedy the IE “Aurora” bug that recently enabled Chinese hackers to attack Google and many other companies.
Separately, Mozilla released not one, but two, updates to Firefox — improving that browser’s security and adding an array of new features.
January’s lone critical MS patch fixes a problem with embedded fonts — caused by an update released last July.
The new update is critical only for Windows 2000 but should still be applied on all Windows systems to prevent fonts from displaying incorrectly on the Web and in Office apps.
Not so long ago, Microsoft promised that fewer Windows patches would require restarting the system to complete their installation.
Microsoft clearly hasn’t delivered on that promise, so PC users need to take steps to ensure that they don’t lose data due to unexpected post-update reboots.
A troubled December upgrade of Microsoft’s cloud-based licensing service is causing serious headaches for organizations that rely on the site to manage software licenses.
After more than a month and counting, the Volume Licensing Service Center remains inaccessible to many Microsoft customers.
If you use XP and haven’t yet installed Service Pack 3, you’ll have to do so before next July if you wish to continue receiving security updates.
Even though XP SP3 looks like a must-do, you may want to wait a while before upgrading your XP machines from Internet Explorer 7 to IE 8.
Yet another Active Template Library hole makes Internet Explorer susceptible to remote code execution.
All versions of IE require a patch that Microsoft released this week to block a malicious ActiveX control from taking over your system.