A new flaw in Vista

Researchers find vulnerability in Windows Vista; patches from Mandriva, rPath
Security: Threat Alert. By Jason Meserve, Network World, 11/24/2008

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

Researchers have stumbled on yet another vulnerability in a Windows operating system. Vista users could be at risk of having malicious code run on their system if hackers figure out how to exploit a pair of buffer overflow vulnerabilities in Vista's Device IO Control, according to researchers at Phion. Microsoft has yet to comment on the findings, but the next scheduled patch cycle is still two weeks away.

Researchers find vulnerability in Windows Vista
An Austrian security vendor has found a vulnerability in Windows Vista that it says could possibly allow an attacker to run unauthorized code on a PC. The problem is rooted in the Device IO Control, which handles internal device communication. Researchers at Phion have found two different ways to cause a buffer overflow that could corrupt the memory of the operating system's kernel. IDG News Service, 11/20/2008.

No updates or workaround available from Microsoft yet.
**********

Apple patches 12 iPhone bugs, adds Street View, podcast downloads
Apple Inc. early today released iPhone 2.2, the first update to the phone's firmware in more than two months, patching a dozen security vulnerabilities and adding several new features, including Google Street Views to the device's mapping tool. Computerworld, 11/21/2008.

Apple: iPhone OS 2.2 and iPhone OS for iPod touch 2.2
**********

Three new patches from Mandriva:

kernel for 2009.0 (multiple flaws)

libcdaudio (heap overflow, code execution)

kernel for Corporate 4.0 (multiple flaws)
**********

Three new updates from rPath:

httpd mod_ssl for rPath Linux 1 (multiple flaws, denial of service)

httpd mod_ssl for rPath Linux 2 (multiple flaws, denial of service)

gvim (multiple flaws, code execution)
**********

Today's malware news:

Symantec sees spike in dangerous Microsoft attacks
Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft's Windows operating system, an analysis that some other security companies disputed Friday. IDG News Service, 11/22/2008.

Symantec: Increase in Exploit Attempts Against MS08-067

Three malware types in a single strain
PandaLabs, Panda Security's laboratory for detecting and analyzing malware, has warned about the appearance of a fake email message from Brazil's Federal Police being used to spread Banbra.GDB. This new malware strain has characteristics of three different types of malicious code: downloader Trojans, banker Trojans and spammer worms. Panda Security, 11/22/08.

Jason Meserve is multimedia editor at Network World.
