One flaw not addressed in the recent patch is a heap overflow in Internet Explorer's XML parser, reported on Wednesday by Bojan Zdrnja of the SANS Internet Storm Center.
The exploit seen in the wild on Wednesday creates an XML tag, then waits six seconds in an attempt to thwart antivirus engines. It can then crash the browser and run malicious code when the browser is restarted. It only works against users running Internet Explorer 7 on Windows XP or Windows Server 2003.
Zdrnja writes that "at this point in time, it does not appear to be widely used, but as the code is publicly available, we can expect that this will happen very soon."
A Microsoft representative said the company is "investigating new public claims of a possible vulnerability in Internet Explorer. Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update, or additional guidance to help customers protect themselves."
Microsoft on Tuesday released its December 2008 security bulletins. The "critical" bulletins affect the Visual Basic 6.0 runtime, Windows GDI, Word, Excel, Internet Explorer and Windows Search. The "important" updates affect SharePoint and Windows Media Components.
Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
MS08-070: Critical
Exploitability index: 1-2. Microsoft recommends that customers apply the update immediately. Titled "Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)", this bulletin affects the Microsoft Visual Basic 6.0 Runtime Extended Files and all supported editions of Microsoft Visual Studio .Net 2002, Microsoft Visual Studio .Net 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003 and Microsoft Office Project 2007. It addresses the vulnerabilities detailed in CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256 and CVE-2008-3704, which could allow remote code execution "if a user browsed a Web site that contains specially crafted content," Microsoft says.
On Thursday, Apple released Safari 3.2. Although the update affects both Mac and Windows users, many of the Mac fixes were already provided in Apple's October update for Mac OS X users. The update includes eight fixes specific to Safari and three specific to WebKit.
Safari-1 This patch affects Safari users on Windows XP or Vista. This update addresses multiple vulnerabilities in zlib 1.2.2 detailed within CVE-2005-2096. Apple credits Robbie Joosten of bioinformatics@school, and David Gunnells of the University of Alabama at Birmingham for reporting the vulnerabilities.
Safari-2 This patch affects users of Windows XP or Vista. This update addresses the security issue in the libxslt library detailed within CVE-2008-1767, in which processing an XML document may lead to an unexpected application termination or arbitrary code execution. Apple credits Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security Team for finding the vulnerability.
Our colleagues in the US have got their hands on an alpha version of Windows 7, Microsoft's upcoming replacement for Vista.
Take a look at the video to see the changes that have been made to the menus, including a new login screen, better file transfer via Bluetooth and a feature borrowed from Office 2007, the ribbon.
The ribbon groups tasks into sets in an attempt to make things easier, although it does mean that all the buttons you're used to seeing have been moved around. The video also looks at the improved User Account Control, intended to reduce the annoying pop-up messages you get in Vista.
We're expecting to see Windows 7 around 2010, although there's an outside chance it'll be ready for Christmas 2009.
About 15 percent of all online computers are infected with bots, says a new report (PDF) on emerging threats for 2009 from Georgia Tech Information Security Center. And according to Patrick Traynor, assistant professor at Georgia Tech's School of Computer Science, "We'll start to see the botnet problem infiltrate the mobile world in 2009."
In Traynor's view, if botnets, or large networks of infected computing devices, gain a foothold on mobile devices, they could be used to create a distributed denial of service attack on the cellular network itself, inconveniencing thousands of cell-phone customers.