Heads-up for users still running Windows XP : The unpatched Help Center flaw revealed last week is now out in the wild and being used to launch malware attacks against target users. This new zero-day exploit takes advantage of the vulnerability that exists in the Microsoft Windows Help Center , a default Microsoft application that allows users to access online documentation for Windows. This vulnerability could allow remote code execution if a user views a malicious website, either via their Based on the analysis of TrendLabs SM threat analyst Joseph Cepe, there are two ways in which a user can get infected as shown below.

See original here:
Microsoft Help Center Zero-Day Exploits Loose

While investigating the malware and shellcode that were associated with the recent Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability ( BID 40586 ), we came across some interesting similarities to the malware and shellcode that were used in the Microsoft Internet Explorer 'iepeers.dll'

Go here to read the rest:
A Zero-day Connection

After a relatively quiet May with only two security bulletins, Microsoft comes out with 10 security bulletins in June’s Patch Tuesday release. Three of these were rated “critical,” which means these vulnerabilities could be exploited without the user having to take any action beyond visiting a malicious site. These bulletins cover a total of 34 different vulnerabilities.

Go here to see the original:
Patch Now: 10 Updates for June Patch Tuesday

Nothing drives a business like customer demand. When customers say they want X or they’ll go with competition, well, you do it or risk losing their business

See more here:
Microsoft security IS “good enough” and that’s the problem

TrendLabs SM recently handled a client case last March wherein two peculiar malware leveraged a Windows service— Windows Management Instrumentation (WMI) —to execute their malicious routines. WMI lets users access and retrieve information about their OSs. It is particularly useful for administrators, especially in enterprise environments, as it manages applications found on systems connected to a network using any one of various coding languages

Excerpt from:
Windows WMI Abused for Malware Operations

Microsoft released two critical security advisories as part of its May Patch Tuesday.

Visit link:
Microsoft and Adobe Release Fixes in May Patch Tuesday

Hello and welcome to this month’s blog on the Microsoft patch releases.

More:
Microsoft Patch Tuesday - May 2010

Coming May 11 , Tuesday, Microsoft will be releasing its monthly patch updates, and last Thursday, the company released an advance notification in its Microsoft TechNet site for the updates. Note that these advanced notifications aim to allow Microsoft users to make deployment plans ahead of time.

See original here:
Microsoft Released Early Notice for May Patch Tuesday

One of the most important worm outbreaks in history happened ten years ago to the day.

Read more:
Loveletter 2000-2010

Avid readers of the Microsoft Support Lifecycle Blog (and really, how can you not be?) know that yesterday, April 13th, marked the end of support for Windows Vista RTM , also known as Windows Vista SP0. We’d like to say that we’ll miss Vista RTM.

See the article here:
RIP Windows Vista RTM