Language Selection

English French German Italian Portuguese Spanish

List of Unpatched Windows Flaws Grows

Filed under
Microsoft

The list of unpatched security vulnerabilities in products embedded in the Microsoft Windows operating system just got longer.

Researchers at eEye Digital Security have flagged another high-severity flaw affecting users of two widely used Microsoft Corp. products-the Internet Explorer browser and the Windows Media Player application.

In all, eEye's "upcoming advisories" page lists seven unfixed flaws, all carrying a high-severity rating because of the remote code execution possibilities. Two of the seven vulnerabilities are more than 100 days overdue and affect the dominant IE browser.

Full Story.

More in Tux Machines

Red Hat General and Financial News

today's howtos

Tizen in Bolivia and India

Security Leftovers

  • Security updates for Wednesday
  • Microsoft says its best not to fiddle with its Windows 10 group policies (that don't work)

    On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third party servers including advertising hubs.

  • What's got a vast attack surface and runs on Linux? Windows Defender, of course
    Google Project Zero's Windows bug-hunter and fuzz-boffin Tavis Ormandy has given the world an insight into how he works so fast: he works on Linux, and with the release of a personal project on GitHub, others can too. Ormandy's project is to port Windows DLLs to Linux for his vuln tests (“So that's how he works so fast!” Penguinistas around the world are saying). Typically self-effacing, Ormandy made this simple announcement on Twitter (to a reception mixing admiration, humour, and horror):
  • Hacked in Translation – from Subtitles to Complete Takeover
    Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
  • A Samba remote code execution vulnerability
    Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.