- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Oracle issues out-of-cycle patch for flaw
Oracle has released an emergency patch for a flaw the company issued a rare security alert for last week. Administrators should
not apply the work-arounds the company previously recommended and apply the patch, Oracle said.
Oracle advisory
**********
A dozen patches from Microsoft this week
Microsoft Corp. today said it will deliver a dozen security updates next week to fix critical vulnerabilities in Windows,
Office, Internet Explorer (IE) and the media player bundled with Vista. Of the 12 updates it sketched out in the advance notification
issued this morning, Microsoft pegged seven as "critical," its highest threat rating. The remaining five were labeled "important,"
the second-highest ranking. Computerworld, 08/07/2008.
**********
ActiveX Vulnerabilities: Even When You Aren't Vulnerable, You May Be Vulnerable
Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took
advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does
one exploit a vulnerability that does not exist on a system you say? Sadly, attackers have found a way to install the vulnerable
Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it. Symantec Security Response blog,
08/06/2008.
**********
Five new patches from Gentoo:
ISC DHCP (buffer overflow, denial of service)
stunnel (authentication bypass)
libxslt (heap overflow, code execution)
**********
Four new updates from Mandriva:
Python for Mandriva 2007.1 and greater (multiple flaws)
Python for Corporate 4.0 (multiple flaws)
rxvt (denial of service)
**********
Today's malware news:
SQL Injection Attacks Targeting Chinese-oriented Sites
With all the attention on China these days, especially in conjunction with the Beijing 2008 Olympics Games, and with 'China'
being one of the more popular search engine keywords at the moment, it makes sense for malware writers to focus their attention
on the Chinese web -- and we've been seeing some interesting examples of SQL injection attacks specifically targeting website
designed for a Chinese audience, whether from the mainland or overseas. F-Secure, 08/08/2008.
Jason Meserve is multimedia editor at Network World.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment