Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Critical IE fix due Tuesday

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Critical IE fix due Tuesday
Date: Mon, 10 Apr 2006 04:27:12 -0500 (CDT) 
http://www.theregister.co.uk/2006/04/07/ie_patch_scheduled/

By John Leyden
7th April 2006 

Microsoft has confirmed it plans to release a fix for a serious 
security bug in Internet Explorer next Tuesday (11 April). The fix for 
the "CreateTextRange" vulnerability - which has become the subject of 
hacker exploits over recent days - will be released as a cumulative 
update to Internet Explorer along with four other security bulletins 
(details here [1]).

Late last month, numerous maliciously constructed websites began 
attempting to exploit the "CreateTextRange" vulnerability to install 
Trojans, botnet clients and other forms on malware on victim PCs. This 
malicious activity, together with the lack of an immediate fix from 
Microsoft, prompted two security firms (Determina and eEye Digital 
Security) to each issue standalone patches to mitigate the risk of 
attack. Microsoft advised orgainsations to disable Active Scripting as 
a workaround.

Internet Explorer has become the subject of a number of unpatched
vulnerabilities over recent weeks. In the latest such incident,
security notification firm Secunia warned [2] this week of an
unpatched flaw in IE that might be used to spoof the address bar in a
browser.  Because of this behaviour, the bug might be used to make
phishing attacks more convincing. ®

[1] http://www.microsoft.com/technet/security/bulletin/advance.mspx
[2] http://secunia.com/advisories/19521/



_________________________________
LayerOne 2006 : Pasadena Hilton : Pasadena, CA
Infomation Security and Technology Conference
http://layerone.info
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Critical IE fix due Tuesday, InfoSec News <=
Previous by Date:  [ISN] CBI raids premises of Naval chief's kin, InfoSec News
Next by Date:  [ISN] Laptop thieves descend upon wireless cafes, InfoSec News
Previous by Thread:  [ISN] CBI raids premises of Naval chief's kin, InfoSec News
Next by Thread:  [ISN] Laptop thieves descend upon wireless cafes, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]