Microsoft has released update packet that contains 13 updates. Of these updates five are categorized as critical, seven as important and one as moderate.
New version of Windows Malicious Software Removal Tool (MSRT) was also released.
More information of the updates can be read from Security Bulletin Summary For February.
Tuesday, February 9, 2010
Thursday, February 4, 2010
New Vulnerability In Internet Explorer
Microsoft is investigating new publicly reported vulnerability in Internet Explorer. If a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.
The versions not running in Protected Mode include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
There's no patch released yet. More information including some workarounds can be read from the security advisory.
The versions not running in Protected Mode include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
There's no patch released yet. More information including some workarounds can be read from the security advisory.
Tuesday, February 2, 2010
Watch Out IQ Test Posing Pest
ESET and BitDefender researchers have discovered malicious worm that disguises itself as IQ test. So far, two variants, Win32/Zimuse.A and Win32/Zimuse.B, have been seen.
"Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible."
Since 64 bit versions of Windows Vista and Windows 7 require digitally signed drivers the pest fails to install itself on machine with either of these operating systems installed.
Both BitDefender and ESET have Zimuse removal tool available.
More information:
BitDefender blog entry
ESET press release
Source
"Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible."
Since 64 bit versions of Windows Vista and Windows 7 require digitally signed drivers the pest fails to install itself on machine with either of these operating systems installed.
Both BitDefender and ESET have Zimuse removal tool available.
More information:
BitDefender blog entry
ESET press release
Source
Tuesday, January 26, 2010
New Version of Google Chrome Released
Google has released a new version of their Chrome web browser. The first stable version of Chrome 4 contains some new features like long-waited support for extensions and bookmark syncing. A bunch of security issues has been fixed too.
More information can be read from Chrome Releases blog.
More information can be read from Chrome Releases blog.
Saturday, January 23, 2010
Microsoft Patches Internet Explorer Vulnerability
Microsoft has fixed the Internet Explorer (IE) vulnerability I blogged about last week. The update MS10-002 patches also a few other IE vulnerabilities. More details can be read from the correspondent security bulletin.
Wednesday, January 20, 2010
Updated Shockwave Player Available
Adobe has released a new version of their Shockwave Player. The update contains fixes for a few vulnerabilities that could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. The affected versions are Shockwave Player 11.5.2.602 and earlier. Fresh version can be obtained here.
More information can be read on Adobe's Security Bulletin.
More information can be read on Adobe's Security Bulletin.
Security Updates For RealPlayer
RealNetworks has released updates that patch eleven vulnerabilities in different RealPlayer versions. More information about affected versions and patching can be read here.
Subscribe to:
Posts (Atom)
