Stories
Slash Boxes
Comments

SoylentNews is people

It's Nearly 2015 and Your Windows PC Can Still be Pwned by a Visual Basic Script

posted by LaminatorX on Thursday December 11 2014, @10:47PM   Printer-friendly
from the patchwork-guilt dept.

"gewg_" writes:

El Reg reports

Microsoft has patched 25 software vulnerabilities--including bugs that allow hackers to hijack PCs via Internet Explorer, Word and Excel files, and Visual Basic scripts.

Microsoft said its December's edition of Patch Tuesday includes critical fixes for Windows, Office and Internet Explorer as well as a patch for Exchange.

MS14-80: Addresses 14 security flaws in Internet Explorer, including various remote-code execution vulnerabilities and an ASLR bypass. The patch is considered a low risk for Windows Server systems, but critical for desktops, laptops and tablets. All the flaws were privately reported, and credit was given to various independent researchers as well as the HP Zero Day Initiative, Qihoo 360 and VeriSign iDefense Labs.

MS14-81: Two vulnerabilities in Word and Office Web Apps that allow an attacker to remotely execute code on targeted systems if the victims open booby-trapped documents. This update also applies to users running Office for Mac. Credit was given to Google Project Zero researcher Ben Hawkes, who privately reported the flaws to Microsoft. Rated as Critical.

MS14-84: A remote-code execution vulnerability (CVE-2014-6363) in the Windows VBScript engine can be exploited via a specially crafted webpage. Credit for discovery was given to SkyLined and VeriSign iDefense Labs. Rated as Critical.

The article also mentions Adobe software and Linux. Are any Soylentils running that combination?

 
This discussion has been archived. No new comments can be posted.
It's Nearly 2015 and Your Windows PC Can Still be Pwned by a Visual Basic Script | Log In/Create an Account | Top | 37 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Pino P on Thursday December 11 2014, @11:18PM

    by Pino P (4721) on Thursday December 11 2014, @11:18PM (#125298) Journal

    The article also mentions Adobe software and Linux. Are any Soylentils running that combination?

    I use Xubuntu, Firefox, and Adobe Flash Player with the Flashblock extension [mozilla.org]. This lets me view SWF on Newgrounds, Kongregate, Dagobah, Albino Blacksheep, and certain YouTube videos with ads, without Flash ads interfering with my experience on other sites. And until third-party SWF players such as Gnash or Mozilla Shumway mature, I imagine most users of desktop X11/Linux have run Adobe Flash Player at least once within the past 3 months.

    Starting Score:    1  point
    Moderation   -1  
       Overrated=1, Total=1
    Total Score:   0  

  • (Score: 2) by Snotnose on Friday December 12 2014, @12:27AM

    by Snotnose (1623) on Friday December 12 2014, @12:27AM (#125323)

    I've got Kali Linux with Iceweasel. About 2/3 of the webpages throw up a popup "want to install plugin required to render this page correctly: Flash". I always dismiss it, and so far all pages have rendered properly. I'm guessing it's the ads on the pages that want flash.

    Doesn't bother me, I use the lappie for pen testing and writing device drivers. I've got a much more capable system (read: bigger screen) that I use to browse the web with while doing said testing and writing drivers.

    --
    Relationship status: Available for curbside pickup.

  • (Score: 0) by Anonymous Coward on Friday December 12 2014, @01:04AM

    by Anonymous Coward on Friday December 12 2014, @01:04AM (#125330)

    And if ever third-party SWF players such as Gnash or Mozilla Shumway mature

    FTFY