Thursday, May 24, 2007

Microsoft plugs critical Vista hole

Network World

Virus and Bug Patch Alert




Network World's Virus and Bug Patch Alert Newsletter, 05/24/07

By Jason Meserve

Today's bug patches and security alerts:

Microsoft plugs critical Vista hole

Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw reported last month. PC World, 05/21/07.

Microsoft advisory: Vulnerabilities in CSRSS Could Allow Remote Code Execution

**********

Cisco patches flaw in Crypto Library

A flaw in a third-party cryptographic library used by certain Cisco products could be exploited in denial-of-service attacks. Vulnerable products include Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Service Module (FWSM), and Cisco Unified CallManager. An update is available to fix the flaw.

Cisco reports multiple flaws in Cisco IOS

According to a Cisco advisory, "Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device." A free update is available.

**********

Two new updates from Mandriva:

gimp (stack overflow, code execution)

Evolution (authentication bypass)

**********

Three new fixes from Debian:

ClamAV (multiple flaws)

Samba (regression error)

PHP4 (missing input checks)

**********

Four new patches from Ubuntu:

pptpd (regression error)

Samba (regression error)

PHP (multiple flaws)

vim (code execution)

**********

Today's malware news:

New smartphone Trojan has a profit motive

Antivirus researchers have turned up three Trojan horse variants that are the most successful attempts yet to steal money from smartphone users. The variants on the Viver Trojan (short for Trojan-SMS.SymbOS.Viver) send text messages to premium-rate numbers in Russia, a tactic used by some previous malware. But Viver is more sophisticated, according to Kaspersky Lab, which discovered all three Trojan variants last week. Computerworld, 05/22/07.

**********

From the interesting reading department:

Microsoft launches last-ditch defenses against Office exploits

Tacitly acknowledging that it cannot completely secure its Office suite against attackers, Microsoft Corp. yesterday promoted a last-ditch defense that lets administrators block users from opening documents. Computerworld, 05/22/07.

CSOs lasting longer, but still out after three years

The life span of corporate CSOs is increasing, with the average stay about 36 months, up from 24 months just a few years ago, attendees of CSO Bootcamp at Interop Las Vegas were told this week. Network World, 05/23/07.

CSOs need to be legal eagles

Chief security officers need to comb through the wording of the governmental and industry security regulations their businesses must comply with if they want to secure their networks and stay out of legal trouble. Network World, 05/23/07.

If it can protect bombs, why not commercial software, too?

A technology used by the U.S. Department of Defense to protect software from piracy and tampering has been released to the commercial sector to help software companies avoid loss of intellectual property, the makers of the product announced Monday. Network World, 05/21/07.

Cisco agrees to buy BroadWare for video security

Cisco announced an agreement to buy software maker BroadWare Technologies in a bid to improve its video surveillance product offerings, the company said. IDG News Service, 05/22/07.


Contact the author:

Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog.

Copyright Network World, Inc., 2007
