In The news
Microsoft has published Security Advisory 2963983 on April 26th 2014.
This Advisory is related to a vulnerability that was discovered in Internet Explorer, versions 6 through 11.
This vulnerability is present in nearly all versions of Internet Explorer, regardless of the Windows OS Version that is in use.
The vulnerability (CVE-2014-1776) exploits a bug in Adobe Flash that allows an attacker to execute malicious commands and potentially compromise an unsuspecting user. Please note that now that Windows XP is no longer supported by Microsoft, it is not clear if Microsoft will officially release this patch for Internet Explorer on Windows XP.
On April 7th 2014 OpenSSL and a team of security engineers published advisories regarding a severe vulnerability that
“allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL
software”1. They have dubbed this vulnerability “Heartbleed” as it refers to a memory leak in a heartbeat function
used by OpenSSL. SSL and TLS are cryptographic protocols designed to secure communications over the internet by
way of certificates and asymmetric cryptography.
This is implemented in conjunction with Certificate Authorities (CA) and Public Key Infrastructure (PKI). Collectively this forms the basis upon which trust is established on the Internet. For the non-technical person, these services are commonly associated with the acronym ‘HTTPS’ which enables secure online commerce and authentication.
Multiple vulnerabilities have been discovered in Google Chrome that could result in remote code execution. Google Chrome is a web browser used to access the Internet.
These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the affected application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.