Security Thoughts: Internet Explorer 8 Woes (CVE-2014-1770)

Last week, the Zero Day Initiative (ZDI) decided that Microsoft has had enough time within its coordinated vulnerability disclosure program to fix a vulnerability in Internet Explorer 8. This use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call … Continue reading "Security Thoughts: Internet Explorer 8 Woes (CVE-2014-1770)"

Security Thoughts: The Inconvenient Truth about CVE-2014-1776 (aka “The Windows XP Mega Vulnerability”)

Looking at the news these last couple of days, you’d think the XPocalypse has begun. A vulnerability has been discovered in Internet Explorer 6 through 11 and code has been made publicly available to attack it. Since, according to several websites, this is a critical vulnerability that was discovered after Microsoft officially ended support for … Continue reading "Security Thoughts: The Inconvenient Truth about CVE-2014-1776 (aka “The Windows XP Mega Vulnerability”)"