Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

Matching databases to Linux distros

Relational database management systems (RDBMSs) aren’t the sort of thing to get most folk out of bed in the morning – unless, of course, you happen to think they’re one of the most brilliant concepts ever dreamed up. These days you can’t sneeze without someone turning it into a table value in a database somewhere - and in combination with the freely available Linux operating system, there’s no end to them. Most Linux distros make it almost trivial to add popular DBMSs to your system, such as MySQL and MariaDB, by bundling them in for free in their online app stores. But how do you tell which combination - which Linux distro and which DBMS - will give you the best performance? This week we've revved up the Labs servers to ask the question: what level of performance do you get from OS repository-sourced DBMSs? Read more

The Curious Case of Raspberry Pi Consumerism

I find the attitude of many within the Raspberry Pi community to be strange and offensive. I first discovered this odd phenomenon (odd because it contradicts the ethos of the project's academic foundations) back when it first started, as many within the Raspberry Pi community took an extremely hostile attitude toward academic freedom, apparently in defence of various parties' highly dubious intellectual monopolies (Broadcom and MPEG-LA, for example). I pointed out the irony and hypocrisy of their attitude at the time, explaining that they were more than happy to leech Free (as in freedom) Software for their own benefit, but then balked at the prospect of freely sharing the results, and in particular this contradicted their stated academic goal of facilitating better computer education in UK schools, an environment that rightly demands open access to knowledge. Read more

Google Chrome 38 Beta Brings New Guest Mode and Easier Incognito Mode Switching

The developers have explained that the user switching feature has been redesigned and it will make changing profiles and into the incognito mode a lot simple. They have also added a new experimental Guest mode, a new experimental UI for Chrome supervised users has been implemented, and numerous under-the-hood changes have been made for stability and performance. "This release adds support for the new element thanks to the hard work of community contributor Yoav Weiss, who was able to dedicate his time to implementing this feature in multiple rendering engines because of a successful crowd-funding campaign that raised more than 50% of its funding goal." Read more

PfSense 2.1.5 Is a Free and Powerful FreeBSD-Based Firewall Operating System

PfSense is a free network firewall distribution based on the FreeBSD, it comes with a custom kernel, and a few quite powerful applications that should make its users’ life a lot easier. Most of the firewall distros are Linux-based, but PfSense is a little bit different and is using FreeBSD. Regular users won't feel anything out of the ordinary, but it's an interesting choice for the base. The developers of PfSense are also saying that their distro has been successful in replacing a number of commercial firewalls such as Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astar, and others. Read more