Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Oracle emergency patch and a Microsoft Dozen

Patches from Oracle, Microsoft, Gentoo, others Fake-CNN spam mutates as attacks Court halts subway hacker talk, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 08/11/2008
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Oracle issues out-of-cycle patch for flaw
Oracle has released an emergency patch for a flaw the company issued a rare security alert for last week. Administrators should not apply the work-arounds the company previously recommended and apply the patch, Oracle said.

Oracle advisory
**********

Reduce Your Private WAN Bill 40-90% With Adaptive Private Networking: View now

A dozen patches from Microsoft this week
Microsoft Corp. today said it will deliver a dozen security updates next week to fix critical vulnerabilities in Windows, Office, Internet Explorer (IE) and the media player bundled with Vista. Of the 12 updates it sketched out in the advance notification issued this morning, Microsoft pegged seven as "critical," its highest threat rating. The remaining five were labeled "important," the second-highest ranking. Computerworld, 08/07/2008.
**********

ActiveX Vulnerabilities: Even When You Aren't Vulnerable, You May Be Vulnerable
Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system you say? Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it. Symantec Security Response blog, 08/06/2008.
**********

Related Content

Five new patches from Gentoo:

ISC DHCP (buffer overflow, denial of service)

OpenLDAP (denial of service)

stunnel (authentication bypass)

ClamAV (multiple flaws)

libxslt (heap overflow, code execution)
**********

Four new updates from Mandriva:

Python for Mandriva 2007.1 and greater (multiple flaws)

Python for Corporate 4.0 (multiple flaws)

qemu (multiple flaws)

rxvt (denial of service)
**********

Today's malware news:

SQL Injection Attacks Targeting Chinese-oriented Sites
With all the attention on China these days, especially in conjunction with the Beijing 2008 Olympics Games, and with 'China' being one of the more popular search engine keywords at the moment, it makes sense for malware writers to focus their attention on the Chinese web -- and we've been seeing some interesting examples of SQL injection attacks specifically targeting website designed for a Chinese audience, whether from the mainland or overseas. F-Secure, 08/08/2008.

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed