Language Selection

English French German Italian Portuguese Spanish

Finally some real coverage of MS

Filed under
News

Microsoft warns of serious computer security hole

SAN JOSE, Calif. -

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

http://tech.yahoo.com/news/ap/20090707/ap_on_hi_te/us_tec_microsoft_security

More in Tux Machines

No Ubuntu Back Doors, Windows and Mac Migrations

Today in Linux news Microsoft's market share has dipped below 90% and Mac is disappearing from Linux conventions. Ubuntu founder Mark Shuttleworth said in an interview today that security and encryption are a commitment of Ubuntu's. Jesse Smith reviewed the latest version of Ubuntu and OMG!Ubuntu! shared some glimpses of Ubuntu in the wild. Bryan Lunduke listed 12 "Linux geeks" all users should follow on social media and Sandra Gittlen highlighted six colleges that "immerse students in Open Source." Read more

pfSense 2.3 Open-Source BSD Firewall Gets Patch That Fixes NTP Security Issues

pfSense developer Chris Buechler announced the availability of a small update for the stable pfSense 2.3 open-source firewall platform based on the FreeBSD operating system. Introduced as pfSense 2.3 Update 1, this is a small patch that only fixes the recently discovered security issues in the Network Time Protocol (NTP) packages, upgrading them from version 4.2.8p6 to 4.2.8p7, and it shouldn't be confused with pfSense 2.3.1, which will be released in the coming weeks as the first maintenance build. Read more

Contributing to open source software with Ian Varley of Salesforce

With open source, you're expanding the sphere of people who might potentially care a lot about your code. You find others who have similar problems, and who can leverage your work and maybe even extend it. The knowledge that you've helped someone avoid "rebuilding the wheel" is really gratifying, and it's amplified when those people actually start getting so involved that they give you contributions of code or ideas. The project picks up steam, and you might even get unforeseen help tackling those issues you didn't have bandwidth to tackle yourself. Really, it's the gift that keeps on giving. Read more

IPFire 2.19 Core Update 101 Patches Cross-Site-Scripting Vulnerability in Web UI

The development team behind the IPFire software have announced the general availability of the Core Update 101 of the IPFire 2.19 Linux kernel-based firewall distribution. Read more