- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Critical holes newly fixed for Internet Explorer and Windows
Microsoft has re-issued two patches. One patch, originally issued during the April Patch Tuesday, is rated critical and affects
all recent version of Internet Explorer. The vulnerability is known as the "data stream handling memory corruption vulnerability."
It could enable remote code execution because of the way that IE processes data streams. If a user visits a Web page that
exploits the vulnerability, it could allow the attacker to gain the same user rights as the logged-in user. Microsoft Subnet,
04/23/08.
Updated patch bulletins:
Vulnerabilities in .NET Framework Could Allow Remote Code Execution
Cumulative Security Update for Internet Explorer
**********
Asterisk patches critical flaw
A flaw in the way the Asterisk PBX handle certain handshake sequences could be exploited to hijack calls. A fix is available.
**********
Two new updates from Ubuntu:
Gnumeric (buffer overflow, code execution)
Firefox (javascript flaw, code execution)
**********
Three new patches from Debian:
iceweasel (javascript flaw, code execution)
ikiwiki (cross-site forgery)
**********
Four new fixes from Gentoo:
VLC (buffer overflow, code execution)
DBmail (information disclosure)
CUPS (integer overflow, code execution)
**********
Today's malware news:
Microsoft: We took out Storm botnet
Microsoft today took credit for crushing the Storm botnet, saying that the malware search-and-destroy tool it distributes
to Windows users disinfected so many bots that the hackers threw in the towel. Computerworld, 04/22/08.
Hackers jack thousands of sites, including UN domains
Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have
been hacked and are serving up malware, a security researcher said today as massive JavaScript attacks last detected in March
resume. Computerworld, 04/23/08.
**********
From interesting reading department:
FAQ: Windows XP SP3 ships - finally
Microsoft Monday finally slapped a "Done" sticker on Windows XP Service Pack 3 (SP3) and pushed it out the door. The designation
of SP3 as RTM, for "release to manufacturing," wasn't much of a surprise, given how the company's schedule leaked last week.
Computerworld, 04/21/08.
Jason Meserve is multimedia editor at Network World.
Comment