Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Microsoft to rush out emergency Windows patch
The company offered few details on why it was releasing the software update, which is rated critical for users of Windows
2000, Windows XP, and Windows Server 2003. A critical flaw is worrisome, however, because it can be exploited by online attackers
to seize control of the PC. The update will be released at 10:00 am, Pacific time, said Microsoft spokesman Christopher Budd
in a blog posting published late Wednesday.
Microsoft advisory
**********
Cisco warns of ASA, PIX vulnerabilities; acknowledges DoS vulnerabilities in TCP
Cisco is warning of multiple security holes in its ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances.
It also issued a security response that acknowledges multiple vulnerabilities involving the manipulation of TCP state table
information. Cisco Subnet, 10/22/2008.
Cisco advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
**********
Google patches Chrome 'carpet bomb' bug
Google has patched its Chrome browser to block a months-old bug that can be used to trick people into downloading and launching
malicious code. Computerworld, 10/21/2008.
Google Chrome release highlights
**********
Four new patches from Debian:
qemu (symlink attack, denial of service)
linux-2.6.24 (multiple flaws)
**********
Two new updates from Mandriva:
mon (denial of service, file overwrite)
pam_mount (restrictions bypass)
**********
Today's malware news:
Web Attacks Using Microsoft Help and Support Center Viewer
The Symantec DeepSight Threat Analysis team recently observed an interesting attack development related to a known vulnerability
type. This seemingly new technique allows attackers to execute a malicious payload immediately on a victim's system, where
in the past they weren't able to achieve instant code execution by exploiting such vulnerabilities. Symantec Security Response,
10/22/2008.
Virus.VBS.Confi
One of our Web Security Analysts, Chu Kian, came across a relatively old threat this week. It was during his day-to-day work
that he encountered a VBS malware, Virus.VBS.Confi. It's not something new, detection was added in 2005, but it still works
and it can still infect some unpatched systems if they browse websites with the malware code present. F-Secure, 10/22/2008.
Jason Meserve is multimedia editor at Network World.