More problems for Windows, Internet Explorer users

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4; Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for Itanium-based systems; Windows Server 2003 with SP1 for Itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE]; and Millennium Edition [ME].
