Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Microsoft plans puny patch slate next week
Microsoft Thursday said it will release only two security updates on Tuesday -- down from the 11 issued in October's mammoth
Patch Tuesday -- to fix bugs in Windows and Office. One of the two will be rated "critical," Microsoft's highest threat ranking,
while the other will be tagged as "important," the next-lowest rating. Both of the updates will address vulnerabilities that
can be used to execute remote code, a description that generally means hackers could leverage the bugs in order to plant their
own malicious code on vulnerable PCs, often by convincing users to open a file attachment or tricking them into visiting a
rogue Web site. Computerworld, 11/06/2008.
Microsoft advanced advisory
**********
VMware patches Hosted products and ESX/ESXi
According to the VMware advisory, "VMware Hosted products and patches for ESX and ESXi resolve multiple security issues. A
flaw in the CPU hardware emulation may allow for a privilege escalation on virtual machine guest operating systems. In addition
a directory traversal issue is resolved."
**********
Three new patches from Ubuntu:
Netpbm (buffer overflow, code execution)
Tk (buffer overflow, code execution)
**********
Two new updates from Debian:
mysql-dfsg-5.0 (bypass authorization)
**********
Two new fixes from Mandriva:
kernel 2.6 (multiple flaws)
**********
Today's malware news:
Hackers launch PDF attacks, exploit just-patched Reader bug
Attackers are exploiting one of the vulnerabilities in Adobe Reader that was patched earlier this week, a security researcher
warned Friday as he urged users to update as soon as possible. Computerworld, 11/07/2008.
Thousands hit in broad Web hack
Hackers have launched a massive Web hacking campaign, putting malicious links on as many as 10,000 servers, security vendor
Kaspersky Lab warned Friday. IDG News Service, 11/08/2008.
**********
From the interesting reading department:
Rape Support Site Hacked, Becomes A Home For Phishers
This is a particularly thoughtless and poor-taste hack. This is Rapecrisiscenter.org, a support site for people in the Central
Massachusetts area. Unfortunately, the site has apparently suffered multiple attacks which may or may not be related. The
SpywareGuide Greynets Blog, 11/6/2008.
Jason Meserve is multimedia editor at Network World.