Software Patches
IE 8 beta, Vista SP1 by year’s end?
Microsoft usually takes its own cool time releasing updates to its market-dominating Internet Explorer browser, so the latest rumor comes as a surprise: Microsoft will allegedly release a beta of IE8 before the year is out, according to TheHotfix.net. What’s more, Windows Vista Service Pack 1 also will supposedly ship alongside the IE8 beta, …
Apple cleans a few more Safari bugs off Windows
Just two weeks after offering the first fixes for the Windows version of its Safari browser, Apple is at it again, plugging two more holes in the browser that could allow devious Intervillains to launch spoofing and HTTP redirection attacks on unsuspecting users. Both vulnerabilities affect Windows XP and Vista systems while the HTTP redirection bug also affects OS X users. This marks …
HP Help and Support Center helps hackers
If you support HP laptops in your organization, look out. Apparently the HP Help and Support Center–a utility for care and maintenance that ships with every HP laptop–contains a serious security vulnerability that could be exploited by a hacker to seize control of a Windows XP machine. According to HP, the vulnerability “exploits a buffer overflow condition, which may [allow] a malicious website to read or write files on the PC.” HP has released an update for the utility as an .exe file …
Apple patches three Safari flaws in Windows
Well, that was fast. As you’ll recall, Apple released a beta of Safari 3.0 for Windows on Monday and before the day was out, hackers had released details on a number of security flaws in the browser. A mere three days later, however, Apple has released a fix for at least one of those flaws, a remote code execution bug found by Danish hacker Thor Larholm, as well as two …
Hackers respond to Patch Tuesday with exploits
Microsoft may have rolled out 15 patches this week but the company’s game of cat and mouse with hackers is far from over. Instead of a pat on the back, hackers responded to Patch Tuesday with what ZDnet’s Ryan Naraine is calling “Exploit Wednesday”: three proof-of-concept exploits within 24 hours of Microsoft’s patch releases. “Two of the three target gaping holes in the …
Patch Tuesday: Critical Vista, IE7 patches released
As we mentioned last week, Microsoft is releasing six security bulletins today, four of which have been characterized as “critical.” That makes for 15 patches total, including patches for critical code execution vulnerabilities in Windows Vista and Internet Explorer 7. The most serious patch is a cumulative Internet Explorer update, which affects versions 5.01-7 of the popular …
Apple rolls out 17 patches via security update
2007 isn’t looking like a good year for Mac zealots who love to crow about how secure their platform of choice is: Apple just rolled out a security update last night, its fifth this year, containing patches for 17 potentially serious OS X bugs. That brings the grand total of OS X patches for 2007 up to a whopping 109. Among the fixes is a patch for a CoreGraphics bug that could allow a hacker to launch code execution attacks via a rigged PDF file. “By enticing a user to open a maliciously …
Vista SP1 spotted in the wild, coming soon?
Microsoft has been mum on the topic of when we’ll see the first service pack for Windows Vista for a while now. Perhaps they’re simply trying to see how long those “I’ll buy Vista when SP1 is out” folks will wait before eventually caving in? Regardless of the reason, Microsoft has been quite vague about the launch window for Vista SP1, leaving some folks to wonder whether there …
Microsoft to offer tool for isolating zero-day exploits
If you pay any attention to the vulnerabilities that pop up in Microsoft’s Office products, you’ve probably noticed a trend. New exploits that take advantage of bugs in the Office suite just keep coming, delivered to users’ inboxes via .doc, .xls and .ppt documents. Unsurprisingly, it’s the older versions of Office that have been the hardest hit: since January of 2006, Microsoft has released 20 bulletins for code-execution vulnerabilities in Office 2003.
It should come as no …
Microsoft Patch Tuesday brings 14 critical patches
Yesterday’s Patch Tuesday brought 19 fixes from the folks at Microsoft HQ, with 14 of them being deemed “critical.” The patches plugged holes in Excel, Word, Office, Exchange, Internet Explorer and most importantly, the now infamous zero-day DNS bug. There’s a high percentage of …
Critical Office, Windows fixes coming next week
May’s installment of Patch Tuesday is coming next week and here’s what we can expect, according to the folks at Microsoft:
- Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart.
- Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart.
- One Microsoft Security …
Apple issues QuickTime security update
Well, that was fast. As many Mac fans have doubtless already noticed, the company has issued a security update for QuickTime that fixes a vulnerability that was recently discovered by researcher Dino Dai Zovi during the “PWN to Own” contest. Exactly one week ago, researchers discovered that …
Storm worm masquerades as patch, storms on
A new variant of the dreaded “Storm Worm” is hitting inboxes around the world, disguising itself as a fix for infected PCs. Users receive an email with a subject line like “Virus Activity Detected!” Upon opening the email, the user is greeted by a password-protected .zip file that contains the “fix,” which is, actually–you guessed it–the virus. Upon making its home as a rootkit on the local hard …
Hackers exploiting unpatched Windows DNS bug
Just a few days after Microsoft issued its customary round of Patch Tuesday fixes, the company has revealed that hackers are now exploiting a yet-unpatched DNS vulnerability. “An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system,” Microsoft said in a security advisory. Some security experts are deeming the bug “critical,” though it is only being used in …
April Patch Tuesday roundup
Patch Tuesday has again come and gone and Microsoft’s new OS, Vista, has again been patched–for the second time this month, to be exact. Of the five security bulletins released this month, four have been rated “critical” by the company. The patches repair eight vulnerabilities in various versions of Windows and Microsoft Content Management Server. Here’s a brief rundown of the fixes:
- MS07-018 (Critical): Fixes two bugs in Microsoft’s Content Management …
Mozilla to issue workaround for .ANI bug
This whole .ANI (Windows Animated Cursor) exploit fiasco sure is making Mozilla look bad. Some accused the foundation of dragging its feet when a patch wasn’t issued in a timely manner and for not taking advantage of Protected Mode in Windows Vista, which can help lessen the damage in the event of an attack. Mozilla, however, asserts that this is a flaw in Windows and as such, …
Firefox 2/IE 7 animated cursor exploit on the way
In a column for ZDnet, George Ou reveals that security firm Determina plans to release a proof of concept animated cursor exploit that will allow attackers to hijack Mozilla 2 and IE7 running on Vista. An attack could allegedly be stopped by Microsoft’s DEP (Data Execution Prevention) in Windows XP SP2 and Vista, but DEP is confoundingly turned off by default in most Windows …
Windows flaw gets critical, patch coming tomorrow
Remember that zero-day bug that was recently discovered in Windows Active Cursor? Well, if you were hoping that it was all going to simply blow over, today is not your lucky day. Exploit code that takes advantage of the vulnerability is now being used on 150 websites, causing memory corruption in unsuspecting PCs. As reported earlier, the flaw affects users running Windows Vista, …
Zero-day Windows bug affects Vista, XP, Windows 2K
In a security advisory posted on the Microsoft Security Response website this morning, the company acknowledged a vulnerability in Windows’ animated cursor, which could allow for remote code execution on a user’s local machine. “An attacker could try to exploit the vulnerability by creating a specially crafted Web page,” the company warned on its website. “An attacker could also create a specially crafted email message and send it to an affected system. Upon viewing a Web page, previewing …
New version of Firefox patches FTP flaw
Mozilla has released a new version of Firefox in order to patch a flaw in the browser’s handling of the FTP protocol. The flaw, which was designated as “low risk,” could allow an attacker to perform a basic port scan of other machines on the same network. While this poses little risk in and of itself, it could prove dangerous if there are other vulnerabilities present in the network. And you probably don’t want those hackers sniffing around your network anyway. Firefox users are advised …
DST issues wreak havoc on Outlook scheduling
Yesterday, we cautiously reported that everything seemed to be fine with Microsoft software, despite Sunday’s Daylight Savings Time change. Boy, we really should have known better than that. One day later, users are reporting scheduling problems with Microsoft Outlook, the de facto email and calendar app for many enterprises. “Our calendaring system is pretty messed up right now. The …
This month’s Patch Tuesday: non-existent
Admins everywhere will breathe a collective sigh of relief this Tuesday: for the first time since launching Patch Tuesday in September 2005, Microsoft will not issue any fixes this month. Now that doesn’t mean that you’re completely off the hook: There’s still the matter of DST patches to tend to. However, if you’ve already taken care of that matter like a good IT Admin should, …
Windows users panic over Daylight Savings patches
You know, I must say that it was a little uncharacteristic when Microsoft rolled out its patches for the upcoming Daylight Savings Time change: they were on time, there were no known bugs and there were no complaints from users. That is, until now. Apparently Microsoft’s support forums are being flooded by panicked users and admins who can’t get the patches to work. “The …
Visual Studio 2005 SP1 for Vista coming soon
Surprisingly soon after releasing Visual Studio 2005, Microsoft has announced that the first service pack for the development platform is on the way and will see the light of day within the next two weeks. As its name suggests, Visual Studio 2005 Service Pack 1 Update for Windows Vista has been designed to allow developers to take better advantage of the features in Windows Vista. “It’s not a large release in terms of things it addresses,” said Jay Roxe, group product manager for Visual …
Microsoft to rise early for Daylight Savings change
Last month, we briefly mentioned the upcoming Daylight Savings Time change and how it might affect your life from a computing standpoint. But don’t start stacking those canned goods up in your bomb shelter yet: Microsoft has unveiled its plan for 2007 Daylight Savings domination compatibility. The company will push out an update via Windows Update, ensuring that …