This week, H.D Moore, the creator of Metasploit, and now CSO of Rapid7, released a detailed report unveiling his team’s months-long research into the security of the Universal Plug and Play (UPnP) protocol.

If you’ve read my two posts [ 1 / 2 ], and watched this week’s video, you already know all about the zero day vulnerability plaguing Internet Explorer (IE) this week. In my last update, I mentioned Microsoft promised to release a full, out-of-cycle patch for this serious vulnerability today. True to their word, they did just that.

A few days ago, I posted an alert about a zero day Internet Explorer (IE) vulnerability that attackers were exploiting in the wild. By luring you to a web site containing malicious code, a remote attacker can exploit this flaw to execute code on your computer, with your privileges. To most Windows users, this means the attacker gains complete control of your computer.

Yesterday, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability in Internet Explorer (IE), which attackers are exploiting in the wild.