Microsoft Dos Patch
Microsoft Dos Patch
Microsoft: Google exposed IE flaw before we could issue patch
Microsoft is investigating reports of a zero-day vulnerability impacting Internet Explorer based on how it handles CSS. The issue was discovered using cross_fuzz, a browser fuzzing tool created by a Google researcher who went public with the IE flaw because he believes Chinese researchers also recently discovered the same vulnerability.
Jerry Bryant, manager of response communications for Microsoft's Trustworthy Computing group, confirmed that Google provided Redmond with a copy of the fuzzing tool back in July 2010. Neither company found any issues in IE using the initial version of cross_fuzz, but this changed recently when cross_fuzz was updated.
"On December 21, a new version of the tool was reported to us along with information about a potentially exploitable crash found by the new version," Bryant said in a statement. "We immediately worked to reproduce the issue with the updated and original tool and are currently investigating it further to determine if it is actually exploitable."
In a timeline of the events, Zalewski writes that this is incorrect: "the current PR messaging from Microsoft implies that substantial differences existed between July and December fuzzer variants, and that the July 29 could not reproduce the vulnerability outlined in msie_crash.txt. This is inconsistent with my record."
The next day, Microsoft issued Security Advisory (2488013) confirming that the vulnerability impacted all supported versions of IE. Microsoft explained that the vulnerability exists due to the creation of uninitialized memory during a CSS function within the browser, making it possible for the memory to be leveraged by an attacker with a specially crafted webpage.
Details on the IE vulnerability are probably more widely known than Microsoft would like, especially given that the researcher in question, Michal Zalewski released the fuzzing tool to the public on New Years Day. It's worth noting that a Google employee has done this before, disclosing an IE flaw that could allow attackers to steal private information from online services. Then and now, Microsoft argued that details should not be disclosed publicly until a patch is available.
Microsoft argues that Zalewski has increased the risk to IE users since cyber criminals will find a way to exploit the flaw before a patch can be thoroughly tested and widely distributed. At the same time, Microsoft says it is currently unaware of any attacks trying to use the vulnerability. The company is actively monitoring the situation and may provide a security update on an upcoming Patch Tuesday (the next is January 11) or an out-of-cycle patch. Next week is a bit soon for a patch, and the company usually doesn't get fixes out on the next patch cycle. That being said, this time the company can't simply tell users to upgrade to the latest and greatest, since all versions are affected.
See original here:
http://ukbestlaptopbattery.blog.com/microsoft-google-exposed-ie-flaw-before-we-could-issue-patch/
About the Author
We specialize in laptop battery and laptop ac adapter. Give your laptop a new life with higher capacity battery. Each model was engineered for maximum run time so you won't miss those important shots. We are a full service laptop battery distributor offering wholesale price to our customers. We are working hard to make your online shopping easy, fast, convenient and Safe. Please let us know what you think. We are always here to serve your needs and provide quality service. Our products range include replacement computer batteries for most major laptop brands, including Dell, Apple, Compaq/HP, IBM/Lenovo, Fujitsu, Gateway, Sony and Toshiba.
How secure are Microsoft products?
"A 17-year old bug in Windows will be patched by Microsoft in its latest security update."
http://news.bbc.co.uk/1/hi/technology/8499859.stm
"The February update for Windows will close the loophole that involves the venerable DOS operating system."
The article which you link is somewhat misleading, as this security leak has been discovered only a few weeks ago. Microsoft products are just as secure as products by any other company in general.
Microsoft Dos Patch
Monster Hunter 2 Dos patch inglês.
Microsoft provides a monster patch batch
Microsoft released today a record 14 security updates to patch a record tying 34 vulnerabilities in Windows, Internet Explorer(IE), Office and Silverlight.
"Do not get mired in the details," recommended Andrew Storms, director of security operations nCircle Security, as he himself admitted that the sheer number of updates and patches can easily overwhelm the user.
"There are so many fixes here that you can go in different directions," agrees Jason Miller, and data team manager for security patch management vendor Shavlik Technologies. "It may come down to what people are most in attack."
Nobody asks the size of today's Patch Tuesday. Updated August was the largest in history in terms of security bulletins, one month and amounted to a record for each amendment, which first set in October last year and repeated in June 2010. Collection of this month also linked in October 2009 a record for the most critical bulletins.
of 34 bugs, Microsoft rated 14 as "critical", the highest ranking of risks in the company of four-step scoring system. Seventeen was established as "important", and three were marked as "moderate."
Z Microsoft throwing nearly three dozen amendments to the customers, not surprising that scientists do not agree to those which updates should be applied in the first.
"I have to put MS10-056 at the top," said Storms, referring to the three update patch for Office, which includes a pair of critical vulnerabilities in Office 2007 . "Everything you need to do is have an open preview pane[Outlook 2007], and just look at the invalid RTF file," added Storms.
Unlike most uses delivered via e-mail does not require the recipient to open the attachment, the people I know practice is risky. But as noted storms, most users view e-mail without a second thought. "I want to put it in the same category, drive-by," said Storms. "I can imagine someone in the RTF file to hold the engine spam is simply crazy."
While other researchers agreed with Storms that MS10-056 was dangerous, that nominated the various updates – or a combination of renovation – the top pick of the month.
"I'm worried about two updates to the media, MS10-052 and MS10-055 ," said Miller.
these updates, both identified as critical, address a few errors in the two codecs – a program that compresses and decompresses video data – included with Windows.
To Miller, the gaps are videos juicy target for criminals. "They want to see the largest[market attacks], and the media, and social media are so big today," he said. "Everyone looks at things, do not read stuff."
Miller said that the attackers are expected to use the codec errors in the coming month, Microsoft is also undertaking: The Exploitation Index scores, both weak, and "1″ means that provides for active use in the next 30 days.
Wolfgang Kandek, CTO of Qualys, Miller seconded, but included in other newsletters, including six patch update IE, MS10-053 , codec update.
"With so many[updates] Today is an important priority," said Kandek. "And since the majority of attacks today, via the browser, put some updates in the group, which should be used in the first place."
Related Posting Search Result:
Microsoft slates record monster Patch Tuesday next week (0)
Microsoft said today that it will provide a record 14 security updates next week to patch a record tying 34 vulnerabil...
Microsoft to thank Google in the private researcher Windows Error Reporting (0)
Google security engineer, who stirred up the hornets' nest two months ago from the dissemination of critical Windo...
Vista paved the way for a secure Windows, Microsoft says (0)
Despite the widely ridiculed( even Microsoft executives ), Vista OS has played in the end bring about a world of secur...
About the Author
Just a Blogger.I like fresh electric stuffs,like Fresh Android Fresh Tech,alse I pay close attention to Top Technology Reviews. Sometimes I play some games,so I write some Game Reviews.
|
|
WASP TECHNOLOGIES WWS800 Barcode Scanner CCD Wireless Bluetooth PS/2 TTL Decoding Decoded $874.98 The wasp freedom Scanner gives you the Wireless freedom To roam. with the freedom Scanner, you can take Your Scanner To Your inventory instead of Your inventory To Your Scanner. the wasp freedom Scanner uses Bluetooth technology, which allows you To Scan bar codes and transmit the data upwards of 160 feet depending On the Environment. Scan bar codes from 1 To 10 inches with our aggressive CCD Scan... |
|
|
European Air War $14.95 Take to the skies over Europe during the most dangerous days of World War II. Pilot 20 authentic fighter aircraft from America, Britain, and Germany. Plus, Pilot Career mode enables you to improve your skills over time!... |
|
|
Quest for Glory Anthology $169.00 ... |
|
|
Third Reich ... |
|
|
Jane's AH-64D Longbow $34.95 Jane's AH-64D Longbow... |
Microsoft Dos Patch
