Language Selection

English French German Italian Portuguese Spanish

Finally some real coverage of MS

Filed under

Microsoft warns of serious computer security hole

SAN JOSE, Calif. -

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

More in Tux Machines

Intel Cache Allocation Technology / RDT Still Baking For Linux

Not mentioned in my earlier features you won't find in the Linux 4.9 mainline kernel is support for Intel's Cache Allocation Technology (CAT) but at least it was revised this weekend in still working towards mainline integration. Read more Also: Intel Sandy Bridge Graphics Haven't Gotten Faster In Recent Years

Distributing encryption software may break the law

Developers, distributors, and users of Free and Open Source Software (FOSS) often face a host of legal issues which they need to keep in mind. Although areas of law such as copyright, trademark, and patents are frequently discussed, these are not the only legal concerns for FOSS. One area that often escapes notice is export controls. It may come as a surprise that sharing software that performs or uses cryptographic functions on a public website could be a violation of U.S. export control law. Export controls is a term for the various legal rules which together have the effect of placing restrictions, conditions, or even wholesale prohibitions on certain types of export as a means to promote national security interests and foreign policy objectives. Export control has a long history in the United States that goes back to the Revolutionary War with an embargo of trade with Great Britain by the First Continental Congress. The modern United States export control regime includes the Department of State's regulations covering export of munitions, the Treasury Department's enforcement of United States' foreign embargoes and sanctions regimes, and the Department of Commerce's regulations applying to exports of "dual-use" items, i.e. items which have civil applications as well as terrorism, military, or weapons of mass destruction-related applications. Read more

Linux Kernel News

Games for GNU/Linux