Security Alerts & News
by Tymoteusz A. Góral

History
#1281 Windows PDF library flaw puts Edge users at risk for RCE
A tricky vulnerability patched today in the Windows PDF Library could have put Microsoft Edge users on Windows 10 systems at risk for remote code execution attacks.

Edge automatically renders PDF content when it’s set as a computer’s default browser, unlike most other browsers; the feature means that exploits would execute by simply viewing a PDF online. While this bug has not been publicly disclosed nor attacked, it’s expected to be an attractive attack vector for hackers.

Microsoft patched this flaw in MS16-102, one of four critical security bulletins it published today. The vulnerability, CVE-2106-3319, when exploited corrupts memory and allows an attacker to run arbitrary code with the same privileges as the user. Microsoft said attackers could either lure victims to a site containing a malicious PDF, or add an infected PDF to a site that accepts user-provided content.
Read more
#1286 Researchers crack Microsoft feature, say encryption backdoors similarly crackable
#1285 Serious TCP bug in Linux systems allows traffic hijacking
#1284 Windows 10 attack surface grows with Linux support in anniversary update
#1283 Dota 2 forum breach leaks 2 million user accounts
#1282 Microsoft Patch Tuesday – August 2016
#1281 Windows PDF library flaw puts Edge users at risk for RCE
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12