- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Linux has proven itself to be a versatile solution across a variety of hardware architectures to support workloads ranging from basic infrastructure services to enterprise-class database deployments. Today, Linux is commonly found operating in some capacity within most larger organizations, and over time, it has captured many of the same workloads that previously were deployed aboard RISC platforms running Unix operating systems. Read IDC's report on how Oracle support differentiates itself in a commodity market.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
If Microsoft does nothing to fix the problem in a timely manner, that is wrong and makes for poor business...- Anonymous
Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP SP3.
Fortunately, attack incompetence means that these initial sorties have been unsuccessful, Symantec Corp. said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.
On Tuesday, Microsoft patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista Service Pack 1 (SP1) and Server 2008, is open to attack.
The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory .
Analysts on Tuesday fingered the GDI bugs as the most dangerous of the 10 disclosed and patched by Microsoft that day. They noted similarities between the two new vulnerabilities and others revealed in late 2005, which were extensively exploited by attackers for months afterward.
Amol Sarwate, manager of Qualys's vulnerability research lab, said at the time that he expected attackers to quickly begin leveraging the bug. "Users who simply view an image online or in e-mail could be compromised," he said.
Thursday, Symantec said it had spotted three different Web sites hosting malicious WMF/EMF image files that were targeting one of the two GDI bugs. However, those images weren't able to exploit the flaw. "Analysis of the images has shown that although [they] appear to be malicious, they do not contain enough data in the associated image property to sufficiently trigger the vulnerability," read Symantec's warning. "We are still investigating the issue as to why this may be the case."
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Chicken and egg for Microsoft flawBy Microsoft Subnet on April 15, 2008, 12:16 pmDid the attackers discover the flaw after reading the Microsoft Security bulletin? It sure looks that way. Get a jump on this kind of news from Network World's Microsoft...
Reply | Read entire comment
View all comments