First there’s Microsoft’s new IE vulnerability revealed Saturday:
Late Saturday Microsoft revealed a vulnerability in all versions of Internet Explorer that is being used in “limited, targeted attacks.” They are investigating the vulnerability and exploit and have not yet determined what action they will take in response or when.
All versions of Internet Explorer from 6 through 11 are listed as vulnerable as well as all supported versions of Windows other than Server Core. Windows Server versions on which IE is run in the default Enhanced Security Configuration are not vulnerable unless an affected site is placed in the Internet Explorer Trusted sites zone.
Then there’s the new Flash Zero Day exploit:
A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser, researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player.
No patch available yet for critical bug affecting all supported versions of IE.
The attacks were hosted on the Syrian Ministry of Justice website at
hxxp://jpic.gov.syand were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab.
Finally there’s also this WordPress bug for users of a popular coder plugin:
Alex Mills announced an important security update today for his SyntaxHighlighter Evolved plugin. The 3.1.10 release includes a new version of the SyntaxHighlighter 3.x library to address an XSS security issue.