A high-profile online advertising Web site has been hacked and rigged to
serve multiple exploits to Microsoft Windows users surfing the net with
unpatched third-party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net,
which is described as a high-profile advertiser in the Internet realm.
The site has been firing an assortment of exploits for several months,
including exploits for vulnerabilities in Microsoft DirectShow and
Adobe PDF Reader. Read the full advisory [websense.com]
As part of its scheduled batch of patches for November, Microsoft today
issued six security bulletins with fixes for a total of 15
vulnerabilities affecting its Windows and Office product lines.
Three of the six bulletins are rated “critical,” meaning they can be
used to launch remote code execution or worm attacks without any user
action. One of the Windows vulnerabilities could expose users to
drive-by malware attacks via the browser, Microsoft warned.
Microsoft plans to release six security bulletins next Tuesday,
November 10, to fix at least 15 serious vulnerabilities that could
expose Windows users to malicious hacker attacks.
According to Microsoft’s advance notice
for this month’s Patch Tuesday, the updates will address gaping holes
in the Windows operating system and the Microsoft Office productivity
suite. Read the notice from Redmond [microsoft.com]
Sun Microsystems and Research In Motion have issued critical bug fixes for security issues with their products. Both updates include fixes for critical security bugs that could be abused by attackers to run unauthorized software on a victim’s computer, although none of the flaws appear to have been publicly known before Tuesday. Read the full story [IDG News Service/Robert McMillan]
Windows Vista is dramatically more secure than Windows XP, according to Microsoft’s latest Security Intelligence Report. The infection rate of Windows Vista SP1 was 61.9 percent less than Windows XP SP3, the company said. The report covers the first half of 2009 and is the seventh such twice-yearly report the company has issued. The study found that, for all Microsoft operating systems, the most current service pack is always the least infected, based on infections per 1,000 computers running each OS. Windows 7 was not included in the report. Read the full report [Network World]
Microsoft Corp. pours more money into software security than any other
major vendor both because it has to and because it can. Yet for all the
investments in security, the number of vulnerabilities discovered in
the company’s products has increased over the years, prompting
questions over whether the company has reached the limits of its
ability to debug software.
After releasing its largest-ever group of security patches two weeks ago, Microsoft has done a little cleaning up. Over the past few days, the company has re-released two security updates and issued a workaround for a Windows CryptoAPI patch that caused Microsoft’s own instant-messaging server to crash. Read the full story [IDG News Service/Robert McMillan]
Researchers scanning the internet for vulnerable embedded devices have
found nearly 21,000 routers, webcams and VoIP products open to remote
attack, due to the fact that their administrative interfaces are
publicly viewable from anywhere on the internet and their owners have
failed to change the manufacturer’s default password. Read the full story [Wired/Kim Zetter]
Adobe isn’t the only software vendor struggling to cope with security vulnerabilities in PDF reader applications. According to reports, there are numerous PDF applications — including Foxit Reader and Xpdf — that allow attackers to infect systems with malware.
From The H Security
The Apache Tomcat developers have released patches to fix three vulnerabilities in their implementations of the Java Servlet and JavaServer Pages technologies. When Tomcat receives a request with invalid headers via the Java AJP connector, it closes the connection without returning an error message. The vulnerability can be exploited by an attacker in load balancing environments to initiate a denial of service (DoS) attack. Read the full story [h-online.com]