Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Digital Trends: Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs. “There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is. According to ZDNet, a security researcher named John Page has published evidence of an Internet Explorer zero-day exploit that renders Windows PCs vulnerable to having their files stolen by hackers.”

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users. “Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.”

ZDNet: Temporary fix available for one of the two Windows zero-days released in December

ZDNet: Temporary fix available for one of the two Windows zero-days released in December. “In December 2018, a security researcher going by the name of SandboxEscaper published details and proof-of-concept (PoC) demo code for two Windows zero-days. Today, cyber-security firm Acros Security published a temporary patch for the second zero-day, a patch that protects Windows systems against any exploitation attempts.”

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!

The Register: Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO! . “Stop us if you’ve heard this one before: An Adobe Flash zero-day vulnerability is being actively targeted in the wild to hijack victims’ Windows PCs. Researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 uncovered a phishing campaign that exploits CVE-2018-15982, prompting Adobe to today release an out-of-band emergency update to patch up the flaw.”

BetaNews: 0patch creates a 0-day patch for Windows gdi32.dll vulnerability before Microsoft

If you like living dangerously, you might want to check out this third-party patch for a recently-disclosed Windows vulnerability. “A new project going by the name of 0patch has created a ‘0patch’ for a zero-day, addressing the Windows gdi32.dll memory disclosure (CVE-2017-0038) yet to be fixed by Microsoft. As the issue is unlikely to receive an official patch until at least the middle of March, this third-party option is all that’s available for now.”