Microsoft released two security bulletins on Patch Tuesday and revised a patch originally released in October.
Developers issued a cumulative security update for vulnerabilities discovered in Internet Explorer.
COM object instantiation memory corruption and mismatched DOM objects memory corruption vulnerabilities were deemed critical in all versions of IE except IE 6 for Windows Server 2003.
Left unpatched, the vulnerabilities could allow an attacker to take complete control of the user's PC, though the user would first have to visit a Web site or open an e-mail message containing the exploit.
The moderate IE flaws deal with a manipulation vulnerability in the file download dialog box and a vulnerability in the HTTPS proxy.
The second security bulletin, MS05-055, is a fix to the Windows kernel for a flaw that, left unchecked, would let an attacker elevate privileges on the computer, for example to administrator rights.
Because the attacker would have to log on to a machine with a valid login and run a program locally, the security bulletin was rated "important," rather than "critical."
The vulnerability is a flaw in the asynchronous procedure call (APC) function in Windows 2000 Service Pack 4, reported by security firm eEye Digital Security in May. Security experts said that while in and of itself the vulnerability is important, its use in a blended attack -- such as an e-mail worm or virus -- makes it critical because it would give the attacker a remote means to take over the machine.
"This vulnerability is unusual in that it represents a growing trend of blended threats attackers are using to subvert systems remotely," Marc Maiffret, eEye co-founder and chief hacking officer, said in a statement. "These types of threats highlight the need for enterprises to focus on host-based solutions that enable them to make their networks zero-day immune."
A revised patch for MS05-050, originally released in October to plug a DirectShow vulnerability, was released today as well for customers using Windows 2000 Service Pack 4, Windows XP SP 1 and Windows 2003.