
[ISN] Microsoft Patches Flaw in Service Pack 2

Subject: [ISN] Microsoft Patches Flaw in Service Pack 2
Date: Wed, 12 Jan 2005 09:38:44 -0600 (CST)
http://www.washingtonpost.com/wp-dyn/articles/A1504-2005Jan11.html

By Brian Krebs
washingtonpost.com Staff Writer
January 11, 2005

Microsoft Corp. on Tuesday issued a trio of software updates to fix
security holes in computers powered by its Windows operating system,
including one flaw that hackers are using to infiltrate PCs equipped
with a massive security upgrade the company released just five months
ago.

The three patches, available at http://windowsupdate.microsoft.com,
mend four different software holes. Two of the patches earned a
"critical" rating from Microsoft, its most serious. The software giant
said attackers could exploit three of the flaws merely by convincing
users to visit a malicious Web site or open a specially crafted
e-mail.

The most severe of the flaws involves a glitch in the way Windows
handles requests for "HTML help," a function that uses Microsoft's
Internet Explorer Web browser to display instructions for using a
variety of computer programs. The help-file flaw is present in nearly
all versions of Windows, including computers running Windows XP that
also have the Service Pack 2 security upgrade installed.

Service Pack 2 was released to the public in August to fix a number of
persistent security problems and to switch on key Windows XP security
features, such as automatic downloading and installation of patches
and a firewall to block unwanted Internet traffic.

Stephen Toulouse, Microsoft's security program manager, said the
company has seen only a handful of attempts to exploit the help-file
security flaw.

"Still, any amount of exploitation concerns us, and this update
addresses that," he said.

Oliver Friedrichs, senior manager of security response for Cupertino,
Calif.-based security firm Symantec Corp., said his company has seen
at least three different cases where malicious Web sites have used the
help-file weakness to install spyware on vulnerable computers.

Friedrichs cautioned that the other three security flaws remain
serious threats, as computer code demonstrating how attackers could
wield at least one of them now is publicly available online.

Microsoft also released today a "malicious software removal tool,"  
which scours Windows PCs for some of the more prolific Internet worms,
including "Blaster," "Sasser," "Mydoom," "Gaobot" and "Nachi." The
tool will be distributed to the more than 112 million Windows users
who have opted to accept automatic security updates from Microsoft and
will be updated once a month, Toulouse said.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
