Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED WHITEPAPERS

Enterprise Linux: How Oracle Support Differentiates Itself in a Commodity Market Oracle

Linux has proven itself to be a versatile solution across a variety of hardware architectures to support workloads ranging from basic infrastructure services to enterprise-class database deployments. Today, Linux is commonly found operating in some capacity within most larger organizations, and over time, it has captured many of the same workloads that previously were deployed aboard RISC platforms running Unix operating systems. Read IDC's report on how Oracle support differentiates itself in a commodity market.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Reduce the Complexity and Cost of Windows Server Consolidation in Six Modules Novell

Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

If Microsoft does nothing to fix the problem in a timely manner, that is wrong and makes for poor business...- Anonymous

Join the Discussion

Two new Microsoft bugs in the wild

Patches from Gentoo, Ubuntu, Debian, others Rock Phish gang adds second punch to phishing attacks MySpace hack reveals profile visitors, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 04/21/2008
  • Social Web 
  • Email 
  • Feedback 
  • Close

Chinese blogs detail zero-day flaw in Microsoft Works
Chinese-language blogs are detailing a zero-day vulnerability in Microsoft Works, the company's lower-end office productivity suite, according to security vendor McAfee. The vulnerability is within an ActiveX control for the Works' Image Server, wrote McAfee analyst Kevin Beets. A PC would need to visit a Web site engineered to exploit the flaw, Beets wrote.

McAfee Avert Labs blog: Potential Microsoft Works ActiveX Zero-Day Surfaces

Microsoft rings alarm on Windows rights bug
Microsoft Corp. yesterday issued a security alert to warn users of a bug in most versions of Windows, but didn't promise to fix the flaw or -- if it does patch the problem -- say when a fix would be released. Computerworld, 04/18/08.

Microsoft: Vulnerability in Windows Could Allow Elevation of Privilege
**********

Seven new patches from Gentoo:

PowerDNS Recursor (DNS cache poisoning)

Adobe Flash Player (multiple flaws)

Sun JDK/JRE (multiple flaws)

PHP Toolkit (data leak, denial of service)

Poppler (code execution)

Speex (code execution)

rsync (buffer overflow, code execution)
**********

Two new updates from Ubuntu:

Poppler (code execution)

Squid (denial of service)
**********

Six new fixes from Debian:

mplayer (input sanitization, code execution)

python 2.4 (multiple flaws)

suphp (privilege escalation)

ClamAV (buffer overflows, code execution)

xpdf (multiple flaws)

openoffice.org (multiple flaws)
**********

Three new patches from Mandriva:

Poppler (code execution)

ClamAV (buffer overflows, code execution)

policykit (format string, denial of service)
**********

Today's malware news:

Loads.CC Bot Still Live, Still Targeted
Enough has been written about the Loads.CC team to probably give you enough of a picture that you need to know. Some reports suggested they went away, but they didn't. They’re still active. See these reports by RBN exploit, CIO magazine, 2-viruses.com, this PC Week article by Scott B, and Adam T for a good background. The team is still quite active. Security to the Core blog, 04/17/08.

1 | 2 | 3 |  Next >
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code