Microsoft and Safari patches rule the day

Virus and Bug Patch Alert This newsletter is sponsored by Microsoft NAS - The Answer To Your Storage Problems? Where should you deploy NAS? How does it compare to SAN in scalability, performance and manageability? Get answers with John Dix, Network World Editor-in-Chief, and storage analyst Russ Fellows as they provide an inside look at issues, trends and new developments with this fast-evolving technology. Click here to watch. Network World's Virus and Bug Patch Alert Newsletter, 06/14/07 Microsoft and Safari patches rule the day By Jason Meserve Today's bug patches and security alerts: Microsoft patches bugs in Windows, IE, Outlook Express As Microsoft Tuesday patched 15 vulnerabilities in its operating system, browser, and other software, security experts argued over which should be fixed first. The month's six updates fixed multiple bugs in all currently-supported versions of Windows; in Internet Explorer (IE), both IE 6 and IE 7; in yet another member of the Office family; and in the entry-level e-mail clients Outlook Express and Windows Mail. Of the 15 flaws, 9 were labeled critical, Microsoft's most serious threat ranking, while 2 were pegged as important and 2 judged moderate. Computerworld, 06/12/07. Network World Security Buyers Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyers Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyers Guide now. Microsoft advisories: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution Cumulative Security Update for Internet Explorer Cumulative Security Update for Outlook Express and Windows Mail Vulnerability in Win32 API Could Allow Remote Code Execution Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution Vulnerability in Windows Vista Could Allow Information Disclosure Related US-CERT advisory ********** Apple patches flaws in Safari beta for Windows Apple launched a Safari beta for Windows this week and already needs to issue security patches for it. A couple of flaws could allow for code to be run on an affected machine when a user visits a malicious Web site. Users should download the latest version of Safari to fix the problems. ********** Five new updates from Debian: Freetype (integer overflow, code execution) lighttpd (denial of service) Icedove (multiple flaws) Xulrunner (multiple flaws) OpenOffice.org (heap overflow, code execution) ********** Three new fixes from Mandriva: libexif (integer overflow, code execution) Thunderbird (multiple flaws) Firefox (multiple flaws) ********** Four new patches from Ubuntu: libexif (integer overflow, code execution) libgd2 (buffer overflow, code execution) libpng (denial of service) xscreensaver (authentication bypass) ********** Today's malware news: New type of image spam hides in e-mail wallpaper A new type of image spam found this week is able to bypass many filters by presenting a message as wallpaper within an e-mail, according to the vendor Secure Computing. Network World, 06/13/07. FBI: Operation Bot Roast finds over 1 million botnet victims The Department of Justice and FBI today said ongoing investigations have identified more than 1 million botnet crime victims. Network World, 06/13/07. ********** From the interesting reading department: Hackers access personal info on varsity faculty members About 6,000 current and former University of Virginia (UVa) faculty members are being notified that their names, Social Security numbers and birth dates may have been stolen by computer hackers between May 2005 and April 19 of this year. Computerworld, 06/11/07. Hackers audition Yahoo Messenger exploits Users of Yahoo's Messenger software should patch the program as soon as possible, security vendors said today, because hackers are now using exploits that target the instant messaging application. Computerworld, 06/11/07. How DOE lab secured campus with wireless The terms "wireless" and "security" don't always go hand-in-hand. But the Energy Department's Pacific Northwest National Laboratory is proving that these concepts are compatible with an innovative system that uses cutting-edge wireless technology to improve campus security. Network World, 06/12/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Who are the 3 faces of Vista? 2. FBI: Operation Bot Roast finds over 1M botnet victims 3. Juniper feels growing pains 4. Wireless networks: The burning questions 5. Xen: Moving beyond VMware 6. How DOE lab secured campus with wireless 7. Top 15 USB geek gadgets 8. Marriott's converged network 'horror story' 9. Bill Gates' Harvard commencement speech 10. Vista not playing well with IPv6 MOST E-MAILED STORY: Bill Gates' Harvard commencement speech

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Microsoft NAS - The Answer To Your Storage Problems? Where should you deploy NAS? How does it compare to SAN in scalability, performance and manageability? Get answers with John Dix, Network World Editor-in-Chief, and storage analyst Russ Fellows as they provide an inside look at issues, trends and new developments with this fast-evolving technology. Click here to watch. ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007