Product Guides- Microsoft research projects to improve our lives
- Outlook '09
- IBM employees buzzing about layoff rumors
- AT&T builds $23M IPv6 network for U.S. military
- Is VoIP dead?
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Exploit code loose for six-month-old Windows bug
Microsoft Thursday acknowledged that exploit code is circulating for a vulnerability it acknowledged six months ago, but has
yet to patch. It's not clear whether Microsoft intends to fix the flaw next week. On Thursday, Microsoft revised a security
advisory it first posted April 19 about a bug in Windows XP, Vista, Server 2003 and Server 2008 that could be exploited to
gain additional privileges on vulnerable machines. Computerworld, 10/11/2008.
11 Microsoft security updates due next week
Next week will be a busy one for system administrators as Microsoft is planning to ship 11 security updates -- four of them
rated critical -- for its products. The patches will include fixes for critical security bugs in Windows Active Directory,
Internet Explorer, Excel and the Microsoft Host Integration Server, which integrates Windows computers with IBM mainframes,
Microsoft said Thursday in a note on the patches. IDG News Service, 10/09/2008.
Microsft advance advisory
**********
Apple releases new wide-ranging security update
Apple on Thursday posted Security Update 2008-007, a new security patch for client and server versions of Mac OS X 10.5 "Leopard"
and Mac OS X 10.4.11. The update is available for download from the Software Update system preference or from Apple's Web
site. Multiple vulnerabilities have been address in the Apache 2.2.9 release, the most serious of which may lead to cross
site request forgery. Root certificates have been updated, added to the list of system roots. ClamAV -- the open-source anti-virus
software included on Mac OS X Server -- was updated to 0.94, addressing problems that could lead to arbitrary code execution.
Macworld, 10/09/2008.
Apple advisory
**********
Two new patches from Gentoo:
Portage (root privileges, code execution)
WordNet (multiple flaws)
**********
Today's malware news:
Trojan.Silentbanker Decryption
On Monday we saw that Trojan.Silentbanker had added rootkit functionality in order to hide its own files. Today we'll look
at another change that the new version of the Trojan has introduced, namely, the new configuration file format that the Trojan
uses. Symantec Security Response, 10/10/2008.
**********
From the interesting reading department:
Jason Meserve is multimedia editor at Network World.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2009 Network World, Inc. All rights reserved. |
Comment