Microsoft Ships Seven Bulletins Fixing 23 Bugs

Microsoft released seven bulletins fixing 23 vulnerabilities in its Patch Tuesday announcement today. The Redmond, Wash., software giant rated three of the bulletins as ‘critical,’ all of which could lead to remote code execution, and the remaining four as ‘important.’

MS Discovers Over 1,800 Office 2010 Bugs

Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs. Office developers found the bugs by running millions of “fuzzing” tests, said Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group. Read the full article. [Computerworld]

Cisco Buffer Overflow, DDoS Flaws Revealed

Cisco has discovered a buffer overflow in CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 and previous versions for Windows that allows attackers to compromise vulnerable systems remotely, as well as a DDoS flaw in Cisco IOS XR. Read the full article. [The H Security]

According to a statement by D-Link, firmware updates for its DIR-635 (HW-Revision B), DIR-655 (HW-Revision A1-A4) and DIR-855 (HW-Revision A2) router models are now available to download at to close the recently discovered hole in the Home Network Administration Protocol (HNAP) of these devices. Read the full article. [The H Security]

A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information. Read the full article. [Associated Press]

The Internet Engineering Task Force (IETF) has completed a security extension to the Secure Sockets Layer (SSL) protocol that fixes a flaw affecting browsers, servers, smart cards, and VPN products, as well as many lower-profile devices, such as Webcams, that contain the protocol embedded in their firmware. Read the full article. [Dark Reading]

In the fall of 2009, districts in Colorado, Illinois, Oklahoma and Pennsylvania all reported thefts of tens of thousands of dollars. The threat continues: on January 5, 2010, the Duanesburg, New York Central School District disclosed an attempted theft of $3.8 million, about a quarter of the district’s operating budget. Read the full article. [Help Net Security]

Banks, military contractors and software companies, along with federal agencies, are looking for “cyber ninjas” to fend off a sophisticated array of hackers, from criminals stealing credit card numbers to potential military adversaries. Read the full article. [NY Times]

People have one more reason to celebrate the new year, according to the Shadowserver Foundation: Nearly a million Conficker-infected computers have oddly disappeared overnight. Read the full article. [Security Focus]
