Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs. “There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is. According to ZDNet, a security researcher named John Page has published evidence of an Internet Explorer zero-day exploit that renders Windows PCs vulnerable to having their files stolen by hackers.”

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users. “Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.”

BetaNews: Google recommends upgrading to Windows 10 to avoid unpatched Windows 7 zero-day that’s being actively exploited

BetaNews: Google recommends upgrading to Windows 10 to avoid unpatched Windows 7 zero-day that’s being actively exploited. “Google is warning users of Windows 7 that they are at risk from a privilege escalation zero-day bug — and the advice is to upgrade to Windows 10 as there is no patch currently available for the actively exploited vulnerability. The problem stems from two vulnerabilities being exploited in combination — one in Chrome, and one in Windows.”

Naked Security: Serious Chrome zero-day – Google says update “right this minute”

Naked Security: Serious Chrome zero-day – Google says update “right this minute”. “We’re not big Chrome fans – we’ve always thought that Firefox is better in both form and function, to be honest – but we have Chrome installed at the moment and can tell you that the version you want is 72.0.3626.121, released at the start of March 2019.”

ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability

ZDNet: Adobe sends out second fix for critical Reader data leak vulnerability. “Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089, was patched in Adobe’s February 12 patch release. Buried among 42 other critical bugs, the security flaw was described as a sensitive data leak problem which can lead to information disclosure when exploited.”

Ars Technica: Microsoft patches zero-day vulnerabilities in IE and Exchange

Ars Technica: Microsoft patches zero-day vulnerabilities in IE and Exchange. “Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.”