Archive for April, 2008
A security thinktank says it has found a vulnerability in Apple’s QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the informations at GNUCitizen’s blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a website, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov. Mr Petkov stated that it is reasonably to believe that anyone knows how to exploit this vulnerability since he didn’t shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there.The Apple is notified about this issue and did not stated any official comments.
|
Filed Under ( Windows) by Telix on April-22-2008
 Microsoft has released new RC2 version of Windows XP Service Pack 3 that includes all previously released updates for Windows XP, security updates, out-of-band releases, and hotfixes. New stuff in this RC2 are small number of new updates that should not significantly change the Windows XP experience. At the same time Microsoft officials confirmed that final version of XP Service Pack 3 will be available in Windows Update and the Microsoft Download Center on April 29th.
|
Last week Mozilla and Apple has released new fresh updates of their browsers. Mozilla Firefox 2.0.0.14 patches the security problems in the JavaScript engine described in previous Firefox release, where some users experienced crashes during JavaScript garbage collection. On the other hand Apple updated Safari to 3.1.1 and patched several security issues concerning a maliciously crafted website may control the contents of the address bar and visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution among many. It is recommended to updated your favorite browsers as soon as possible.
|
Security researchers have found malicious code that can trigger a critical vulnerability in the Chinese version of Windows 2000. The non-Chinese users are warned to expect same attacks. Symantec confirmed that the code posted to the milw0rm.com site successfully attacks Chinese editions of Windows 2000 Service Pack 4 (SP4) exploiting one of the two critical bugs in Windows GDI, or graphics device interface, that Microsoft patched last week. So far attack code works only on Chinese versions of Windows 2000 while crashes Explorer, the Windows file manager, on non-Chinese versions of the OS. Security researchers urged the Windows 2000 users to update all the fixes released by Microsoft in MS08-021 security bulletin to patch their systems.
|
 Internet security company Websense has reported that hackers have managed to break Microsoft’s Live Hotmail CAPTCHA tools in about 6 seconds. As reports say latest attack on Microsoft’s Hotmail is an evolutionary leap because hackers’ tools are automated and operating almost instantaneously. CAPTCHAs are viewed as a spam defense and a way to distinguish humans and computers. However Google says CAPTCHA security are still useful, but other start to claim it is not true. The steps of the CAPTCHA eluding attack are similar to previous attacks, according to Websense. A bot hooks into Internet Explorer, observes account names, uses IE to sign up for Hotmail accounts, grabs CAPTCHA and breaks it, creates multiple accounts and then use them for sending spam.
|
Adobe has released a security bulletin informing all Internet users about multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could lead to the potential execution of arbitrary code remotely. Additionally the update includes DNS rebinding attack and cross-domain policy countermeasures. It is strongly recommended to update to the newest Adobe Flash Player version, 9.0.124.0
|
Virus Bulletin website tested 37 different Vista-based security programs to see which could manage to reach the level of threat detection required for ‘VB100′ Certification. Out of 37 tested, 17 failed the tests, including products from McAfee, Sophos, and Trend Micro. VB100 test sets very high detection bar of 100 percent of a subset of malware defined by a malware collection known as the ‘WildList’. Programs must also, using default settings, avoid false positives - false flagging files as malware infected when they are in fact innocent. While McAfee, Sophos and Trend detected 99.99% of the WildList, other programs fell some way short of this ‘almost’ status. Doctor Web reached only 95.21%, and Security Coverage PC Live managed just 84.35%. Microsoft’s criticized Windows Live OneCare and Forefront Client Security both hit the VB100 100 percent mark.
|
Filed Under ( Software) by Telix on April-4-2008
This Wednesday Apple has released new QuickTime update on all platforms addressing flaws occurring when the application opens a movie that has been specially crafted to take advantage of flaws in the software. Several of the vulnerabilities are buffer overflows, where a problem with an application’s use of memory can be exploited in order to run other code. Latest up to date version QuickTime is now 7.4.5 and Apple’s Software Update function will download the new patches for computers running Windows and Apple’s Mac OS X.
|
Filed Under ( Windows) by Telix on April-4-2008
This Thursday Microsoft issued 25th security bulletin this year fixing critical patches in Vista and Windows Server 2008. Also three fixes are for all flavors of Windows, Internet Explorer and Office. In its patch day advance notification for its Tuesday update, Microsoft issued five critical bulletins to address remote code execution vulnerabilities. Microsoft said it will patch critical flaws in Vista, Windows Server 2008, Windows Server 2003 (SPs 1 and 2), IE 6 and 7 and Office XP SP3, 2003 and 2007 Microsoft Office System among others.
|
It is April Fool’s Day and we are informed about new storm mails that link to the IP address. If you follow the link you will be redirected to the interesting page with downloadable executable, so it is advise to be very cautious if you receive any Fool’s Day messages today!
|
|
|
