Symantec Blogs: Security Response

Robert Keith | December 11th, 2007

Hello, and welcome to this month’s blog on the Microsoft patch releases. Microsoft released seven bulletins this month, covering a total of eleven vulnerabilities. Nine of the vulnerabilities affect Microsoft Vista either directly or through applications running on that operating system.

The first three bulletins discuss seven client-side vulnerabilities rated “Critical” by Microsoft. Four of those are vulnerabilities in Internet Explorer, two more affect DirectX, and the seventh is a vulnerability affecting the Windows Media Format Runtime. These issues do require some sort of user interaction (such as visiting a malicious Web page, opening a malicious email, or opening a malicious file), but can aid in the remote compromise of a victim’s computer. Users are advised to use security best practices, including avoiding sites of unknown or questionable integrity.

The remaining vulnerabilities (four issues rated as “Important”) are each documented in their own...

Robert Keith | December 20th, 2006

December 9, 2006, marks the day when Stefan Esser, a long-standing contributor to the PHP Security Response Team, retired. He has stated a few reasons for this latest move, primarily focusing on (in his opinion) the lack of response from his fellow colleagues and an extended delay in the patching of known vulnerabilities. Possibly another example of how some individuals or groups may choose to view “responsible disclosure.”

Over the years, SecurityFocus has reported on multiple vulnerabilities affecting PHP, such as BIDs 20879 (PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities), 19582 (PHP Multiple Input Validation Vulnerabilities),...