Microsoft Word Bug Leaves Users Open To Attack
,----[ Quote ]
| Microsoft researchers are currently investigating reports of targeted attacks
| that can be exploited through Microsoft Word, including Word 2007, using a
| buffer overflow error in the Jet Database Engine.
`----
http://www.crn.com/security/206905442
,----[ Quote ]
| As part of its monthly "Patch Tuesday" schedule Microsoft has issued a number
| of bulletins about 12 security vulnerabilities in its software. Seven of the
| vulnerabilities affect Microsoft Excel, and could allow a hacker to gain
| remote control over a user's computer by a maliciously crafted spreadsheet.
`----
http://www.securitypark.co.uk/security_article261162.html
Some known ones have not been patched. As usual, Office is always open for
hijackers and since it's proprietary, there's nothing the user can do about
it.
Yesterday
Windows Vista immune to remote code execution flaw in Microsoft Jet Database
,----[ Quote ]
| Windows Vista users, count your blessings. Though the operating system may
| be flawed, sluggish in some areas and have issues with installing the new
| service pack; it is not vulnerable to a new flaw exposed in the Microsoft Jet
| Database Engine which could allow remote code execution.
`----
http://vista.blorge.com/2008/03/22/windows-vista-immune-to-remote-code-execution-flaw-in-microsoft-jet-database/
Last week:
Buggy Microsoft Excel Patch Causes Bad Math
,----[ Quote ]
| A bug in this week's MS08-014 patch causes Excel to return zeroes instead of
| the correct number when certain types of macros are run within the program.
`----
http://www.pcworld.com/article/id,143467-pg,1/article.html
Related:
Microsoft preps 133 patches for Windows DNS hole
,----[ Quote ]
| Microsoft is working on 133 separate updates for the problem, Budd wrote.
`----
http://news.com.com/8301-10784_3-9710490-7.html
Microsoft DNS Server Attacks Continue
,----[ Quote ]
| The concept enables malicious users to run code remotely under the
| system privileges generally granted to the DNS service itself.
`----
http://www.betanews.com/article/Microsoft_DNS_Server_Attacks_Continue/1176828918
Microsoft: Patch for critical DNS flaw may be ready by 8 May
,----[ Quote ]
| The cmopany has been under pressure to address the flaw, reported
| last week, since software that exploits it has now been widely
| disseminated, and criminals are beginning to use it in attacks.
`----
http://www.computerworlduk.com/technology/servers-data-centre/infrastructure-management/news/index.cfm?newsid=2650
http://tinyurl.com/27wje2
Attack code raises Windows DNS zero-day risk
,----[ Quote ]
| At least four exploits for the vulnerability in the Windows domain
| name system, or DNS, service were published on the Internet over the
| weekend, Symantec said in an alert Monday.
`----
http://news.zdnet.com/2100-1009_22-6176429.html
Cybercrooks exploiting new Windows DNS flaw
,----[ Quote ]
| Cybercrooks are using a yet-to-be-patched security flaw in certain
| Windows versions to attack computers running the operating systems,
| Microsoft warned late Thursday.
`----
http://news.zdnet.com/2100-1009_22-6175743.html
Microsoft's advisories giving clues to hackers
,----[ Quote ]
| How's this for a new twist on the old responsible disclosure debate:
| Hackers are taking advantage of information released in Microsoft's
| pre-patch security advisories to create exploits for zero-day
| vulnerabilities.
`----
http://blogs.zdnet.com/security/?p=167
DNS security improves as firms tool up to tackle spam
,----[ Quote ]
| Infoblox's survey found that the number of internet-facing DNS servers
| increased from 9m in 2006 to 11.5m in 2007, indicative of the overall growth
| of the internet. Percentage usage of the most recent and secure version of
| open-source domain name server software - BIND 9 - increased from 61 per cent
| to 65 per cent over the last year. Use of BIND 8, by contrast, dropped from
| 14 per cent in 2006 to 5.6 per cent this year. Usage of the Microsoft DNS
| Server on web-facing systems also fell, decreasing to to 2.7 per cent in 2007
| from five per cent last year.
`----
http://www.theregister.co.uk/2007/11/20/dns_security_survey/
Use of rogue DNS servers on rise
,----[ Quote ]
| The paper estimates roughly 68,000 servers on the Internet are returning
| malicious Domain Name System results, which means people with compromised
| computers are sometimes being directed to the wrong Web sites — and often
| have no idea.
`----
http://news.yahoo.com/s/ap/20080213/ap_on_hi_te/techbit_servers_that_lie
|
|
