Ryan Naraine

Microsoft Patches Critical IE, Windows Vulnerabilities

Microsoft today shipped six bulletins with patches for a total of 12 documented security vulnerabilities in a wide range of widely deployed software products. Three of the six bulletins are rated “critical,” Microsoft’s highest severity rating.
The most serious issues affect the company’s Internet Explorer browser, including the newest IE 8 on Windows 7.

Critical Adobe Flash Patch Coming

Here’s an important security heads-up to all computer users: Adobe plans to ship a critical Flash Player update next Tuesday to fix multiple serious security vulnerabilities. The patches will be released alongside updates from Microsoft and will affect all platforms — Windows, Mac OS X and Linux.

MS to Patch Critical IE Zero-Day Flaw

Just two weeks after the release of exploit code for a critical (remotely exploitable) security hole in its Internet Explorer browser, Microsoft says a fix will be included in this month’s batch of Patch Tuesday updates.


Adobe’s security response team is scrambling to deal with the release of exploit code for what appears to be a critical zero-day flaw in the Adobe Illustrator CS4 software product.
The vulnerability is caused by an error in the parsing of Encapsulated PostScript (.eps) files and can be exploited to corrupt memory when a user opens a specially crafted .eps file. Successful exploitation allows execution of arbitrary code.

The Internet Systems Consortium (ISC) has shipped a patch to cover a “severe” cache poisoning vulnerability for BIND 9 users who have DNSSEC validation turned on. The vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache.

The craze in online games among Chinese netizens is fuelling an increasingly lucrative real-world market for computer hackers, security firms have said.  A report by state broadcaster CCTV said Trojan-horse attacks, which allow hackers remote access to a targeted computer system, make up a market expected to be worth 10 billion yuan (S$2 billion) this year.  Read the full story [asiaonline.com]

The move by India’s top business schools to take their CAT entrance test online turned embarrassing after malware-infected computers left a number of students unable to take the test. Prometric, a Baltimore, Maryland testing company hired to conduct the CAT (Common Admission Test), said this week that the testing labs faced technical difficulties mainly due to malware and viruses.  Read the full story [IDG News Service]

Facebook was built as a powerful social connector, allowing users to befriend others with similar interests, locations, schools, and more. But as privacy concerns mount and users demand more protection, the social networking site’s philosophy has started to go down the toilet. Now that Facebook is eliminating regional networks — or groupings of people based on where they live — it’s becoming apparent that proclivities lean towards building fences rather than crossing them. Read the full story [PCWorld].  Also see: How to protect your privacy on Facebook and Twitter.

Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms. The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.

Hackers can use maliciously rigged PDF files to hack into corporate systems hosting the BlackBerry Attachment Service, according to a warning from the makers of the popular smartphone.
Research in Motion (RIM) issued an advisory with patches for multiple flaws in the PDF distiller service and warned that an attacker could exploit the issues by simply e-mailing a booby-trapped PDF file to a BlackBerry user.