Microsoft plugs critical Vista hole

Virus and Bug Patch Alert This newsletter is sponsored by Symantec Security Information Management Solutions: Beyond Threat Management Learn the latest Security Information Management best practices from IT research firm Forrester Research and Symantec. Watch now and also discover how solutions are evolving, as well as how to get more out of SIM - much more than incident response and threat management. Network World's Virus and Bug Patch Alert Newsletter, 05/24/07 Microsoft plugs critical Vista hole By Jason Meserve Today's bug patches and security alerts: Microsoft plugs critical Vista hole Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw reported last month. PC World, 05/21/07. Network World Security Buyers Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyers Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyers Guide now. Microsoft advisory: Vulnerabilities in CSRSS Could Allow Remote Code Execution ********** Cisco patches flaw in Crypto Library A flaw in a third-party cryptographic library used by certain Cisco products could be exploited in denial-of-service attacks. Vulnerable products include Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Service Module (FWSM), and Cisco Unified CallManager. An update is available to fix the flaw. Cisco reports multiple flaws in Cisco IOS According to a Cisco advisory, "Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device." A free update is available. ********** Two new updates from Mandriva: gimp (stack overflow, code execution) Evolution (authentication bypass) ********** Three new fixes from Debian: ClamAV (multiple flaws) Samba (regression error) PHP4 (missing input checks) ********** Four new patches from Ubuntu: pptpd (regression error) Samba (regression error) PHP (multiple flaws) vim (code execution) ********** Today's malware news: New smartphone Trojan has a profit motive Antivirus researchers have turned up three Trojan horse variants that are the most successful attempts yet to steal money from smartphone users. The variants on the Viver Trojan (short for Trojan-SMS.SymbOS.Viver) send text messages to premium-rate numbers in Russia, a tactic used by some previous malware. But Viver is more sophisticated, according to Kaspersky Lab, which discovered all three Trojan variants last week. Computerworld, 05/22/07. ********** From the interesting reading department: Microsoft launches last-ditch defenses against Office exploits Tacitly acknowledging that it cannot completely secure its Office suite against attackers, Microsoft Corp. yesterday promoted a last-ditch defense that lets administrators block users from opening documents. Computerworld, 05/22/07. CSOs lasting longer, but still out after three years The life span of corporate CSOs is increasing, with the average stay about 36 months, up from 24 months just a few years ago, attendees of CSO Bootcamp at Interop Las Vegas were told this week. Network World, 05/23/07. CSOs need to be legal eagles Chief security officers need to comb through the wording of the governmental and industry security regulations their businesses must comply with if they want to secure their networks and stay out of legal trouble. Network World, 05/23/07. If it can protect bombs, why not commercial software, too? A technology used by the U.S. Department of Defense to protect software from piracy and tampering has been released to the commercial sector to help software companies avoid loss of intellectual property, the makers of the product announced Monday. Network World, 05/21/07. Cisco agrees to buy BroadWare for video security Cisco announced an agreement to buy software maker BroadWare Technologies in a bid to improve its video surveillance product offerings, the company said. IDG News Service, 05/22/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Linux users say 'Sue me first, Microsoft' 2. Amero school-scandal case raises questions 3. Cisco routers cause major outage in Japan 4. A cynic rips open source 5. Foundry readies monster Ethernet switch 6. Microsoft's Linux patent bombshell aftermath 7. IT jargon you just love to hate 8. Foundry readies monster Ethernet switch 9. Cisco, RSA to debut SAN-based data encryption 10. Why Argonne has pulled the plug on VoIP MOST E-MAILED STORY: Cisco routers cause major outage in Japan

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Symantec Security Information Management Solutions: Beyond Threat Management Learn the latest Security Information Management best practices from IT research firm Forrester Research and Symantec. Watch now and also discover how solutions are evolving, as well as how to get more out of SIM - much more than incident response and threat management. ARCHIVE Archive of the Virus and Bug Patch Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007