More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4; Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for Itanium-based systems; Windows Server 2003 with SP1 for Itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].
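To show what validating ICC profile tags involves, here is an added example (not Microsoft's code, and not taken from the bulletin) of a bounds check over an ICC tag table, where each 12-byte entry carries a signature, offset and size. The bulletin does not say which check was missing; the function names, return codes and the 160-byte sample profile are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define ICC_HDR 128u   /* fixed ICC header length */
#define ICC_ENTRY 12u  /* tag entry: signature, offset, size (4 bytes each) */

/* ICC integers are big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Returns 0 when every tag lies inside the profile, else a negative code (hypothetical codes). */
int icc_check_tags(const uint8_t *buf, size_t len) {
    if (len < ICC_HDR + 4u) return -1;                /* no room for header + tag count */
    if (memcmp(buf + 36, "acsp", 4) != 0) return -2;  /* profile file signature missing */
    uint32_t declared = be32(buf);                    /* size the header claims */
    if (declared < ICC_HDR + 4u || declared > len) return -3;
    uint32_t count = be32(buf + ICC_HDR);
    /* Divide rather than multiply so count * 12 cannot wrap around. */
    if (count > (declared - (ICC_HDR + 4u)) / ICC_ENTRY) return -4;
    uint32_t data_start = ICC_HDR + 4u + count * ICC_ENTRY;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HDR + 4u + i * ICC_ENTRY;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off < data_start || off > declared) return -5;
        /* Compare with the space left; computing off + size could overflow. */
        if (size > declared - off) return -6;
    }
    return 0;
}

/* Constructed sample: a 160-byte profile with one tag at a caller-chosen offset and size. */
size_t icc_make_sample(uint8_t out[160], uint32_t tag_off, uint32_t tag_size) {
    memset(out, 0, 160);
    put32(out, 160);                  /* declared profile size */
    memcpy(out + 36, "acsp", 4);
    put32(out + ICC_HDR, 1);          /* one tag table entry */
    memcpy(out + 132, "desc", 4);
    put32(out + 136, tag_off); put32(out + 140, tag_size);
    return 160;
}

int main(void) {
    uint8_t p[160];
    size_t n = icc_make_sample(p, 144, 0xFFFFFFF0u); /* size runs far past the end */
    return icc_check_tags(p, n) == -6 ? 0 : 1;
}
```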

Source.
