January 4, 2013 
IE 0day, Fraudulent Certs, and Damaged Drivers
Happy New Year everyone, and welcome back to 2013′s first episode of WatchGuard Security Week in Review (WSWiR).
If you are new to our blog, the WSWiR vlog is a weekly video podcast designed to keep busy IT admins up-to-date with the latest security news and events every week. I cover big breaches, zero day flaws, software updates, and many other security stories, and also share some practical defense tips along the way. If you want a quick recap of the week’s InfoSec news, give our show a try.
This week’s episode has a strong Microsoft theme. I cover a zero day IE exploit found in the wild, some fraudulent digital certificates found by Microsoft, and their upcoming Patch Day. I also throw in a few non-Microsoft news items as well, and an update about the Samsung phone vulnerability mentioned in a previous episode. If you want the skinny on the latest security news, click play below (or check out the Reference section if you’re rather read up on these issues).
One aside; I had planned a new, shorter intro to these episodes to launch with the new year (as per request), but simply ran out of time. I will shorten it soon.
(Episode Runtime: 9:52)
Direct YouTube Link: http://www.youtube.com/watch?v=0B3pd4gX8KY
Episode References:
- Microsoft Stories
- IE zero day exploit in the wild - WGSC
- Fraudulent TurkTrust advisory - Microsoft TechNet
- Next week’s Patch Day details - WGSC
- Nvidia device drivers vulnerability – Tom’s Hardware
- Ruby on Rails SQLi update - Ruby on Rails Blog
- Samsung fixes Exynos vulnerability - The Next Web
- BREAKING UPDATE: Microsoft’s IE FixIt doesn’t quite do the job - Threat Post
Thank you Corey! I’ve got Samsung Galaxy, so definitely, will check for updates.
Cool. Recent news is the researcher who discovered the flaw has confirmed that Samsung’s update does fix it. So once patched, you’re good. (Unlike the IE FixIt, which seems like a partial fix)