Sat, 06 Sep 2008 04:00:00 GMT
2008-09-06T04:00:00Z - As Google enters its second decade of existence with no apparent rivals for the search-king throne, industry observers warn that the company's biggest enemy may be itself.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Google, which celebrates 10 years of its incorporation this month, remains strongly committed to its Enterprise unit and to the customers it serves, including IT and business managers and CIOs, although most of the company's revenue comes from online advertising.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Nokia is expanding the capabilities of its online content-sharing site, Ovi, as it steps up competition with other providers of services that link mobile phones to online services.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Observers say Oracle has finally made substantial progress on its next-generation Fusion Applications suite, more than three-and-a-half years after the project was first announced.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - The Democratic and Republican candidates for U.S. president aren't giving enough emphasis to privacy and civil rights issues, the Electronic Privacy Information Center (EPIC) and Bob Barr, the Libertarian candidate for president, said Friday.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Most computer industry companies would feel satisfied with ruling the highly lucrative and technically complex search engine advertising market -- but not Google.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - The disk storage industry defied economic gloom in the second quarter with strong increases in both capacity sold and revenue, according to two research companies.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - MySQL cofounder Michael "Monty" Widenius is contemplating resigning from his position at Sun Microsystems, which bought the open-source database company earlier this year, according to a blog post Friday by Kaj Arnö, vice president of community relations for MySQL.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Google garnered headlines all week with its new Chrome browser. Rival Microsoft announced it will release just four patches next Tuesday, but that may not be cause to think the day will be an easy one for those responsible for keeping systems patched. Also looking ahead, Apple is expected to announce iPod news. Otherwise, a warning was issued about new trickery from spammers and in case we all weren't aware of it by now, social-networking sites could be ripe for malware.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - The Sierra Leonean media has fallen behind in the use of IT, said Tonya Musa, a media consultant and lecturer at Fourah Bay College, in an interview after a training program for journalists last week.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - As part of Zain Sierra Leone's expansion strategy, the company's network has moved from its previous 076 code to 078, director of sales and customer care Keith Tukei revealed Thursday.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - The home improvement retailer announced that it found a replacement for its retiring CIO, Bob DeRodes. Home Depot's new CIO most recently worked for eBay and previously for Wal-Mart.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Police in Zambia have arrested three Zain Zambia employees for stealing US$10,000 belonging to the company.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Dell's new netbook, the Inspiron Mini 9, will be sold with built-in mobile broadband by Vodafone, the companies announced on Thursday. The deal is part of a growing trend, as operators try to find new growth opportunities.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Mobile phone operator Zain Kenya has commenced a two-year, 25 billion Kenyan shilling (US$366.3 million) expansion program with an initial investment of 3 billion shillings to upgrade its network.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - The Canadian provincial government is making a move towards Microsoft Vista. A Montreal-based industry association says other alternatives should have been considered. In this article from ComputerWorld Canada, a lawyer looks at software procurement's changing landscape.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - Microsoft is poised to be an important player in service-oriented architectures. Longtime open-source advocate Nicholas Petreley sums up the reason in two words: Steve Ballmer.
Fri, 15 Aug 2008 04:00:00 GMT
2008-08-15T04:00:00Z - Linux kernel creator sounds off on hype surrounding security software vulnerabilities, his disclosure model for the Linux security list and his controversial thoughts about the OpenBSD "monkeys."
Fri, 15 Aug 2008 04:00:00 GMT
2008-08-15T04:00:00Z - Federal Appeals Court ruling helps dispel uncertainty for business users of open source software licenses.
Thu, 07 Aug 2008 04:00:00 GMT
2008-08-07T04:00:00Z - Bob Sutor, open source and standards VP at IBM makes 8 predictions for Linux and open source during Black Hat conference.
Wed, 06 Aug 2008 04:00:00 GMT
2008-08-06T04:00:00Z - Canonical announced plans to offer a software stack that includes several enterprise-ready open-source applications.
Mon, 04 Aug 2008 04:00:00 GMT
2008-08-04T04:00:00Z - It's hard enough for managers to motivate and track employees whose livelihood depends on doing a good job. Imagine the project management task for Linux, the free software operating system. Linus Torvalds explains how he keeps the people and software on-track, with the software quality the operating system demands.
Mon, 04 Aug 2008 04:00:00 GMT
2008-08-04T04:00:00Z - Esther Schindler came home from OSCON with thoughts on growing the size of the pool in open-source development communities. And it's all upbeat news. She shares thoughts from Mark Shuttleworth on effective teamwork, from Pia Waugh on encouraging more women to get into IT, and from community leaders on "anti-patterns" in community management.
Thu, 31 Jul 2008 04:00:00 GMT
2008-07-31T04:00:00Z - So you think you don't have the money to find out if SOA can save you money? Test the waters with Open Source SOA. You might find out that Open Source is what you've needed all along.
Thu, 24 Jul 2008 04:00:00 GMT
2008-07-24T04:00:00Z - At this week's Open Source Convention, Tim O'Reilly identified the next three opportunities and challenges the community should pay attention to: cloud computing, the open programmable Web and open mobile. But open source is a philosophy, not just a technology; another speaker exhorted attendees to get involved in a larger effort to influence the nation's security and privacy practices.
Fri, 05 Sep 2008 04:00:00 GMT
2008-09-05T04:00:00Z - Google garnered headlines all week with its new Chrome browser. Rival Microsoft announced it will release just four patches next Tuesday, but that may not be cause to think the day will be an easy one for those responsible for keeping systems patched. Also looking ahead, Apple is expected to announce iPod news. Otherwise, a warning was issued about new trickery from spammers and in case we all weren't aware of it by now, social-networking sites could be ripe for malware.
Wed, 03 Sep 2008 04:00:00 GMT
2008-09-03T04:00:00Z - Spammers are abusing free Web services to make their spam links look more legitimate, according to e-mail security vendor MessageLabs.
Tue, 02 Sep 2008 04:00:00 GMT
2008-09-02T04:00:00Z - Service-oriented architecture creates many new challenges in the areas of security and privacy. IT leaders must educate themselves on what these risks are to prevent rolling out a red carpet for hackers to get at corporate data. Mike Kavis asked architects, vendors, trainers and security experts to identify SOA's biggest security risks that architects need to address.
Fri, 29 Aug 2008 04:00:00 GMT
2008-08-29T04:00:00Z - Manchester Airport has started trialling facial recognition at border control as part of the UK 1.2bn e-Borders scheme to tighten controls. A new high-tech e-Border centre also was announced.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - Survey finds that 88 percent of IT employees who leave a company will use their knowledge to steal your confidential data. And a third of those devious IT administrators would take the company's privileged password list to access sensitive information such as financial reports, accounts and HR records.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - Attack code has infected at least one of the laptops used on the International Space Station, an effort headlined by the U.S. and Russia.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - From unlocking iPhones to install unofficial applications to hacking digital cameras and TiVo, these steps will help you use your gadgets the way you want, instead of just the way the manufacturer says you should.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - Server virtualization operational and economic benefits areundeniable but virtualized platforms are less secure than physical servers. However, cross-platform virtual security enables organizations to fully embrace the transition to server virtualization while simplifying their security policy enforcement.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - The European Court of Human Rights has refused U.K. hacker Gary McKinnon's appeal against demands for his extradition to the U.S.
Wed, 27 Aug 2008 04:00:00 GMT
2008-08-27T04:00:00Z - Nortel hopes to tackle the security of remote work with an "office on a stick," a USB drive that can link an employee's PC with a corporate VPN and keep all the information from a session encrypted.
Wed, 27 Aug 2008 04:00:00 GMT
2008-08-27T04:00:00Z - When a credit card company or card issuer does not effectively manage the impact of a security incident that leads to fraud, customers are likely to cancel cards, decrease business and pass the bad news on to other consumers resulting in loss of trust and lost revenues. However, handling a fraud incident effectively can result in a stronger customer relationship.
Tue, 26 Aug 2008 04:00:00 GMT
2008-08-26T04:00:00Z - Four simple steps from a Forrester analyst can help your company choose the best instant messaging security product for its needs--from plugging data leaks for compliance and preventing IP theft to virus scanning and preventing SpIM.
Mon, 25 Aug 2008 04:00:00 GMT
2008-08-25T04:00:00Z - Microsoft on Monday described some new privacy features that will come with IE8, the next release of its browser. The features are designed to make it easier for people to delete and control information about their Web browsing history.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This update resolves a privately reported vulnerability in the Microsoft Image Color Management (ICM) system that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves five privately reported vulnerabilies and one publicly disclosed vulnerability. All of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves five privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves a publicly reported vulnerability in Microsoft Word. This vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 12 Aug 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Tue, 08 Jul 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Tue, 08 Jul 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server. An attacker who successfully exploited these vulnerabilities could gain access to an individual OWA client’s session data, allowing elevation of privilege. The attacker could then perform any action the user could perform from within the individual client’s OWA session.
Tue, 08 Jul 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 08 Jul 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user’s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008; Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003; and Active Directory Lightweight Directory Service (AD LDS) when installed on Windows Server 2008. The vulnerability could be exploited to allow an attacker to cause a denial of service condition. On Windows XP Professional, Windows Server 2003, and Windows Server 2008, an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privilege. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Moderate - This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.
Tue, 10 Jun 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Tue, 13 May 2008 08:00:00 GMT - Bulletin Severity Rating:Moderate - This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
Tue, 13 May 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves a security vulnerability in the Microsoft Jet Database Engine (Jet) in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tue, 13 May 2008 08:00:00 GMT - Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wed, 27 Aug 2008 07:00:00 GMT - Revision Note: August 27, 2008: Added Windows XP Professional Service Pack 3 as affected software. Advisory Summary:Security Advisory
Wed, 13 Aug 2008 07:00:00 GMT - Revision Note: August 13, 2008: Updated to include links to HP’s Advisories Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Tue, 12 Aug 2008 07:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS08-041 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-041. The vulnerability addressed is the Snapshot Viewer Arbitrary File Download Vulnerability - CVE-2008-2463.
Tue, 12 Aug 2008 07:00:00 GMT - Revision Note: August 12, 2008: Added entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate that the re-release of the update to fix a known installation issue with Windows Server 2008 systems is now available via Microsoft Update. Advisory Summary:Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.
Tue, 12 Aug 2008 07:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-042 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-042. The vulnerability addressed is the Word Record Parsing Vulnerability - CVE-2008-2244.
Fri, 25 Jul 2008 07:00:00 GMT - Revision Note: July 25, 2008: Advisory published. Advisory Summary:Microsoft released Microsoft Security Bulletin MS08-037, Vulnerabilities in DNS Could Allow Spoofing (953230), on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.
Wed, 02 Jul 2008 07:00:00 GMT - Revision Note: July 2, 2008: Updated the Suggested Actions. Advisory Summary:Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.
Wed, 25 Jun 2008 07:00:00 GMT - Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description. Advisory Summary:Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.
Tue, 17 Jun 2008 07:00:00 GMT - Revision Note: June 17, 2008: Advisory updated to reflect availability of fix. Advisory Summary:Microsoft has completed the investigation into public reports of a non-security issue that affects environments with all supported versions of System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft has confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954474. Microsoft encourages customers affected by this issue to review and install this update.
Tue, 13 May 2008 07:00:00 GMT - Revision Note: May 13, 2008: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into public reports of this vulnerability. We have issued Microsoft Security Bulletin MS08-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749). The vulnerability addressed is the Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability - CVE-2007-6026.
Wed, 23 Apr 2008 07:00:00 GMT - Revision Note: April 23, 2008: Added an FAQ entry about known issues in installing the kernel update Advisory Summary:Security Advisory
Wed, 12 Mar 2008 07:00:00 GMT - Revision Note: Advisory updated to reflect the correct Excel file formats in the MOICE Workarounds section. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-014 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-014. The vulnerability addressed is the Microsoft Excel Vulnerability - CVE-2008-0081.
Wed, 09 Jan 2008 08:00:00 GMT - Revision Note: Advisory Updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.
Tue, 08 Jan 2008 08:00:00 GMT - Revision Note: Advisory Published. Advisory Summary:An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411.
Tue, 11 Dec 2007 08:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-067 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-067. The vulnerability addressed is the Macrovision Driver Vulnerability - CVE-2007-5587.
Tue, 13 Nov 2007 08:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-061 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-061. The vulnerability addressed is the Windows URI Handling Vulnerability - CVE-2007-3896.
Thu, 24 May 2007 07:00:00 GMT - Revision Note: Advisory updated to change title from "Fix for Windows Installer (MSI)" to "Update for Windows Installer (MSI)," make minor edits, and remove unnecessary FAQ. Advisory Summary:Today we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated.
Wed, 09 May 2007 07:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-024 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-024.
Tue, 08 May 2007 07:00:00 GMT - Revision Note: Advisory updated. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-029 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-029. The vulnerability addressed is the DNS RPC Management Vulnerability - CVE-2007-1748.
Tue, 03 Apr 2007 07:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. We have issued MS07-017 to address this issue.
Tue, 12 Dec 2006 08:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft is investigating public reports of a vulnerability in Visual Studio 2005
Tue, 14 Nov 2006 08:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-071 to address this issue. For more information about this issue, including download links for an available security update, please review MS06-071.
Tue, 14 Nov 2006 08:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-067 to address this issue. For more information about this issue, including download links for an available security update, please review MS06-067. The vulnerability addressed is the DirectAnimation Path ActiveX Vulnerability - CVE-2006-4777.
Tue, 14 Nov 2006 08:00:00 GMT - Revision Note: Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation of security vulnerabilities in Macromedia Flash Player from Adobe, a third party software application that also was redistributed with Windows XP Service Pack 2 and Windows XP Professional x64 Edition. We have issued MS06-069 to address these issues. For more information about these issues, including download links for an available security update, please review MS06-069. This bulletin is for customers using Macromedia Flash Player version 6 from Adobe. The vulnerabilities addressed are the Macromedia Flash Player Vulnerabilities – CVE-2006-3014, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, and CVE-2006-4640. Customers that have followed the guidance in Adobe Security Bulletin APSB06-11, issued September 12, 2006, are not at risk from these vulnerabilities.
Tue, 17 Oct 2006 07:00:00 GMT - Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing this security advisory to inform customers about an update that enables Wi-Fi Protected Access 2 (WPA2) support for Wireless network Group Policy settings in Windows XP Service Pack 2. This update is being released to provide parity between Windows XP Service Pack 2 (before a broad release vehicle, like a service pack, is released) and the upcoming release of Windows Server 2003 Service Pack 2. With this update, customers can create Wireless network Group Policy settings to simultaneously manage WPA2 on systems running Windows XP Service Pack 2 and for any versions of Windows targeted by the upcoming Windows Server 2003 Service Pack 2. Also included in this update are Wireless client behavior changes for non-broadcast and ad-hoc networks. These defense-in-depth changes are intended to help prevent systems from connecting to networks other than those a user intends to connect to. The reason these defense-in-depth changes are included in this update in addition to the WPA2 support for Wireless network Group Policy is to provide parity between the two Windows versions. This makes it possible to manage WPA2 settings for wireless clients on different Windows versions using the same Wireless Group Policy. These defense-in-depth changes will be included in Windows 2003 Service Pack 2 as part of the same WPA2 support for Wireless network Group Policy settings. For more information about the upcoming Windows 2003 Service Pack 2 see the Windows Service Pack Road Map. The broad release vehicle is still considered to be a service pack for Windows XP for the defense-in-depth changes included in update 917021.
Tue, 10 Oct 2006 07:00:00 GMT - Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly and limited attacks. We are aware of Web sites attempting to use the reported vulnerability to install malware. Our investigation into these Web sites shows that, in most cases, attempts to install malicious software by exploiting this vulnerability fail. This is due to specific technical factors related to the vulnerability. We will continue to investigate these public reports. The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View. We are working on a security update currently scheduled for an October 10 release. Customers are encouraged to keep their anti-virus software up to date. Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site. We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country. Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can loc
Tue, 10 Oct 2006 07:00:00 GMT - Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint 2004 v. X for Mac. In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability. Microsoft is also actively sharing information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks. Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Tue, 26 Sep 2006 07:00:00 GMT - Revision Note: Advisory Updated Advisory Summary:Microsoft is investigating new public reports of vulnerability using the Vector Markup Language on Microsoft on Windows 2000 Service Pack 4, on Windows XP Service Pack 1 and Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1.
Tue, 12 Sep 2006 07:00:00 GMT - Revision Note: Advisory published Advisory Summary:Today we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated. The update addresses the following issue: You may receive error code 0x80070002 when you try to update a computer running on Microsoft Windows that has a minifilter-based application installed. This error code could occur when updating using any of the following Microsoft tools: Automatic Updates, Windows Update Web site, Microsoft Update Web site, Inventory Tool for Microsoft Updates (ITMU) for Microsoft Systems Management Server (SMS) 2003, Software Update Services (SUS) 1.0, Windows Server Update Services (WSUS) 2.0. Currently, File Server Resource Manager (FSRM) is the only known minifilter-based application that can cause this behavior and is only available in Windows Server 2003 R2. However, many companies are developing minifilter-based applications that will be available in the near future. We encourage Windows customers to review and install this update. This update will be offered automatically through Automatic Updates. This update has been designed to install successfully even if a minifilter driver is installed that is preventing other updates from installing. For more information about this issue, including download links for the available non-security update, please review Microsoft Knowledge Base Article 922582.
Thu, 24 Aug 2006 07:00:00 GMT - Revision Note: Advisory updated to direct customers to the revised version of Microsoft Security Bulletin MS06-042 that includes new updates for Internet Explorer 6 Service Pack 1. Advisory Summary:Microsoft announced last week that it would be re-releasing MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft will not be re-releasing MS06-042 today. This update will be re-released for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution. Microsoft is also aware of public reports that this issue can lead to a buffer overrun condition for Internet Explorer 6 Service Pack 1 customers that have MS06-042 applied. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is aggressively investigating the public reports. Only customers using Internet Explorer 6.0 SP1 are affected, all other customers should continue their deployments of MS06-042. Customers using Internet Explorer 6.0 SP 1 should continue their deployment of MS06-042 and follow the existing guidance provided in Knowledge Base article 923762 and the Suggested Actions section of this Security Advisory.
Tue, 13 Jun 2006 07:00:00 GMT - Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.
Tue, 13 Jun 2006 07:00:00 GMT - Revision Note: Advisory published. Advisory Summary:An update is available for Kernel patch protection included with Windows Server 2003 SP1 and later versions of Windows for x64-based systems. Kernel patch protection protects code and critical structures in the Windows kernel from modification by unknown code or data. This update adds additional checks to this protection for increased reliabilty, performance, and security. For more information about this release, see Microsoft Knowledge Base Article 914784.
Tue, 13 Jun 2006 07:00:00 GMT - Revision Note: Advisory updated to advise of the release of Microsoft Security Bulletin MS06-021. Advisory Summary:Microsoft Security Bulletin MS06-021 has been released and replaces Microsoft Security Bulletin MS06-013. The Compatibility Patch discussed in Microsoft Knowledge Base Article 917425 is also replaced by this security update. The changes to the way Internet Explorer handles ActiveX controls is made permanent by the updates included with Microsoft Security Bulletin MS06-021. Microsoft originally released this security advisory discussing non-security update 912945 for Internet Explorer on February 28, 2006. This non-security update includes minor changes to how Internet Explorer handles some Web pages that use ActiveX controls and is being distributed to customers in phases. On Jan 9, 2006, Microsoft released this non-security update for Internet Explorer 6 for Windows XP Service Pack 2 to MSDN subscribers. On Feb 9, 2006 the same update became publicly available on MSDN. On February 28th it was distributed as a recommended update on Windows Update for Windows XP Service Pack 2 and for Windows Server 2003 Service Pack 1. For the final phase of distribution, this non-security update is included in Microsoft Security Bulletin MS06-013, released on April 11, 2006. This security update replaces non-security update 912945 for Internet Explorer. For more information about this non-security update for Internet Explorer, see Microsoft Knowledge Base Article 912945. Although most Internet sites have already prepared for the changes in the way that Internet Explorer handles some ActiveX controls, some enterprise customers have given feedback that more time is needed to ensure that corporate line-of-business applications are compatible with this change to Internet Explorer. Compatibility Patch – To help enterprise customers who need more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945 and included in Microsoft Security Bulletin MS06-013, Microsoft is releasing a Compatibility Patch on April 11, 2006. As soon as it is deployed,
Thu, 11 May 2006 07:00:00 GMT - Revision Note: Advisory published. Advisory Summary:Microsoft is aware of recent security vulnerabilities in Macromedia Flash Player, a third party software application that also was redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows Mi
Thu, 11 May 2006 07:00:00 GMT - Revision Note: Advisory published. Advisory Summary:Microsoft is aware of recent security vulnerabilities in Macromedia Flash Player, a third party software application that also was redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows Millennium Edition. The Microsoft Security Response Center is in communication with Macromedia and is aware that Macromedia has made updates that are available on their Web site. Microsoft encourages customers who use Macromedia Flash Player to follow the guidance documented in Macromedia’s Security Bulletin. The Macromedia Security Bulletin describes the vulnerabilities and provides the download locations so that you can install the appropriate update based on the version of Macromedia Flash Player you are using. If customers are not using Macromedia Flash Player on their system, or customers do not need Macromedia Flash Player, they can disable the ActiveX control in Internet Explorer to help protect against these vulnerabilities. See the Workarounds section in this advisory for ways to implement this change.
Tue, 11 Apr 2006 07:00:00 GMT - Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.
Tue, 14 Mar 2006 07:00:00 GMT - Revision Note: March 14, 2006: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.
Tue, 21 Feb 2006 08:00:00 GMT - Revision Note: Advisory updated to include additional mitigating factors. Msdds.dll file versions have also been revised: updated file version from 7.0.9446.0 to 7.0.9466.0 and added file version 7.0.9064.9143. Advisory Summary:Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports. The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Tue, 14 Feb 2006 08:00:00 GMT - Revision Note: Advisory Published Advisory Summary:Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions: By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site; By convincing a user to open a specially crafted e-mail attachment; By convincing a user to click on a link in an e-mail message that takes the user to a malicious Web site; or By sending a specially crafted e-mail message to Outlook Express users, which they view in the preview pane. Note This is not the same issue as the one addressed by Microsoft Security Bulletin MS06-001 (912919). The vulnerability exists in: Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 and Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium. Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site, preview a malicious e-mail message, or open an attachment that exploited the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft will continue to investigate these reports and provide additional guid
Wed, 01 Feb 2006 08:00:00 GMT - Revision Note: Additional information about the blank password restriction functionality in Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, and Windows Server 2003 Service Pack 1. Added link to Virus Information Alliance member Sophos. Advisory Summary:Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords. Customers using Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, or Windows Server 2003 Service Pack 1 may be at reduced risk from this malware; if the account password is blank, the account is not valid as a network credential. In an environment where you can guarantee physical security, you do not need to use the account across the network, and you are using Windows XP or Windows Server 2003, a blank password is better than a weak password. By default, blank passwords can only be used locally in Windows XP and Windows Server 2003. Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24. On systems that are infected by Win32/Mywife@E.mm, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. For more information, see the Microsoft Virus Encyclopedia.
As with all currently known variants of the Mywife malware,
01 Sep 2008 10:00:00 +0400 - In its second month of compiling data, the new Kaspersky Security Network (KSN) technology revealed some significant changes amongst the most widespread malicious programs.
28 Aug 2008 16:06:00 +0400 - Kaspersky Lab, a leading developer of secure content management solutions, announces the release of the article "Rootkit Evolution" by Alisa Shevchenko, a virus analyst at the company.
This article by Alisa Shevchenko is the second in a series devoted to the evolution of viruses and antivirus...
31 Jul 2008 10:00:00 +0400 - Kaspersky Lab, a leading developer of secure content management systems, has released its latest report on the evolution of spam for the second quarter of 2008.
28 Jul 2008 10:00:00 +0400 - Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of the article "Fraudulent Spam" by Natalya Zablotskaya, an anti-spam analyst at the company
16 Jul 2008 17:03:00 +0400 - Kaspersky Lab, a leading developer of secure content management systems, reports the detection of a malicious program that infects WMA audio files. The objective of the infection is to install a Trojan that gives a cybercriminal control of the user’s computer.
The worm, which was named...
15 Jul 2008 10:00:00 +0400 - Kaspersky Lab, a leading developer of secure content management systems, announces the publication of the article "Rustock and All That".
11 Jul 2008 19:08:00 +0400 - While more than half of respondents have wireless Internet access in the home, over two thirds of these have not taken steps to ensure adequate protection to prevent data theft and ID fraud, or are unsure of the required precautions to take
01 Jul 2008 14:00:00 +0400 - Summer vacation is in full swing, which means changes in the statistics for malicious programs in mail traffic are relatively small.
Thu, 28 Aug 2008 04:00:00 GMT
2008-08-28T04:00:00Z - Attack code has infected at least one of the laptops used on the International Space Station, an effort headlined by the U.S. and Russia.
Wed, 13 Aug 2008 04:00:00 GMT
2008-08-13T04:00:00Z - Most security attacks are targeted at a few weak points on your PC that aren't that hard to protect. Follow these simple tips, and you'll suddenly be a whole lot safer.
Tue, 29 Apr 2008 04:00:00 GMT
2008-04-29T04:00:00Z - A PCWorld.com columnist shows you how to get rid of spyware, shrug off spam, and stay safe on unsecured public networks.
