Microsoft better-late-than-never with 7-year-old patch

Patches from Microsoft, Gentoo, rPath, others; Facebook hit by Nigerian 419 scam; One in four DNS servers still vulnerable to Kaminsky flaw, survey says; and other interesting reading

By Jason Meserve, Network World
November 13, 2008 09:38 AM ET

Microsoft fixes critical Web bugs with security updates
Microsoft released two security updates for its Windows operating system Tuesday to patch flaws that could give attackers new ways to install malicious software on a victim's computer. IDG News Service, 11/11/2008.

Microsoft advisory

Also:

Microsoft patch closes 7-year-old OS hole, expert says
A former Microsoft employee who's now CTO for a patch management firm says an update issued by Microsoft on Tuesday closes a vulnerability that has been exploited for almost seven years and that he first identified while working for the company. Network World, 11/12/2008.
**********

Flawed AVG antivirus update cripples Windows XP PCs
A flawed signature update to AVG Technologies' antivirus software over the weekend crippled some Windows XP PCs by mistakenly deleting a critical system file, the company has confirmed. Computerworld, 11/11/2008.

AVG's FAQ on how to fix the issue
**********

IBM's ISS blasts security rival Trend Micro over bugs
In an unusual move, a security company owned by IBM has publicly blasted a rival for not patching reported bugs in its enterprise-grade, server-side antivirus software. On Monday, David Dewey, a researcher with IBM's Internet Security Systems, explained why his company had released several advisories that covered multiple vulnerabilities in Trend Micro's ServerProtect software, even though according to IBM, Trend has not fixed the flaws. Computerworld, 11/12/2008.

IBM Frequency X blog: The Scoop on the X-Force TrendMicro Advisories
**********

Apple releases iLife Support 8.3.1 to fix flaws
An image handling flaw in Apple's iLife Support module, which is used by Aperture and other imaging applications, could be exploited to run malicious code on an unpatched machine. The new update repairs the bug.
**********

Four new updates for rPath:

initscripts (denial of service)

kernel (multiple flaws)

net-snmp (denial of service)

postfix (denial of service)
**********

Three new patches from Gentoo:

Graphviz (buffer overflow, code execution)

FAAD2 (buffer overflow, code execution)

Gallery (multiple flaws)
**********

Two new fixes from Debian:

libcdaudio (heap overflow, code execution)

ekg (denial of service)
**********

Today's malware news:

Facebook hit by Nigerian 419 scam
Scammers are trawling Facebook for victims using a convincing twist on the notorious 'Nigerian 419' scam. TechWorld, 11/10/2008.

Mobile Malware: What Happens Next?
Four years ago, F-Secure Chief Research Officer Mikko Hypponen was talking about malware infections on mobile phones while few others were paying attention. With the growing use of Internet-enabled phones, particularly Apple's iPhone and RIM's Blackberry, he sees more opportunities than ever for malicious activity. But, surprisingly, he sees a quiet mobile malware landscape at the moment. CSO, 11/12/2008.
**********

From the interesting reading department:

One in four DNS servers still vulnerable to Kaminsky flaw, survey says
Despite industry efforts to lock down DNS servers, one in four remain vulnerable to cache poisoning due to the well-documented Kaminsky flaw identified earlier this year and another 40% could be considered a danger to themselves and others, recent research shows. Network World, 11/10/2008.
