-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Russinovich: A possible cure for exploitable heap corruption in Windows 7
,----[ Quote ]
| The key to a huge plurality, if not a
| majority, of exploits that have plagued
| Microsoft Windows over the past two decades
| has been tricking the system into executing
| data as though it were code. A malicious
| process can place data into its own heap --
| the pile of memory reserved for its use --
| that bears the pattern of executable
| instructions. Then once that process
| intentionally crashes, it can leave behind a
| state where the data in that heap is pointed
| to and then executed, usually without
| privilege attached.
`----
http://www.betanews.com/article/Russinovich-A-possible-cure-for-exploitable-heap-corruption-in-Windows-7/1262199764
Windows 7 might get fixed
http://www.theinquirer.net/inquirer/news/1567058/windows-fixed
Long-time Windows vulnerability might be fixed soon
http://www.mxlogic.com/securitynews/web-security/longtime-windows-vulnerability-might-be-fixed-soon382.cfm
Recent:
Is Microsoft Overhyping Security In Windows 7?
,----[ Quote ]
| Microsoft has been aggressively marketing
| the security improvements in Windows 7, but
| some security experts believe this strategy
| could leave the software giant open to some
| unpleasant repercussions.
`----
http://www.crn.com/security/221601336;jsessionid=1PUCNFDYQWQKVQE1GHPSKH4ATMY32JVN
Microsoft patching zero-day Windows 7 SMB hole
,----[ Quote ]
| Microsoft on Friday said it is working on a
| fix for a vulnerability in the Server
| Message Block file-sharing protocol in
| Windows 7 and Windows Server 2008 Release 2
| that could be used to remotely crash a
| computer.
`----
http://news.cnet.com/8301-1009_3-10397759-83.html
Microsoft acknowledges Windows 7 security threat
http://www.examiner.com/x-5258-Detroit-Technology-Examiner~y2009m11d12-Microsoft-acknowledges-Windows-7-security-threat
Microsoft confirms first Windows 7 zero-day bug
,----[ Quote ]
| The zero-day vulnerability was first
| reported by Canadian researcher Laurent
| Gaffie last Wednesday, when he revealed the
| bug and posted proof-of-concept attack code
| to the Full Disclosure security mailing list
| and his blog. According to Gaffie,
| exploiting the flaw crashes Windows 7 and
| Server 2008 R2 systems so thoroughly that
| the only recourse is to manually power off
| the computers.
`----
http://www.computerworld.com/s/article/9140858/Microsoft_confirms_first_Windows_7_zero_day_bug
Microsoft being a Onecare
,----[ Quote ]
| For starters, it uses an ActiveX control -
| Internet Explorer required in other words -
| that's annoyingly hard to install. You get
| warnings galore from Windows 7's UAC and IE
| about popups and do you really really really
| want to install something that has the
| potential to roger your system well and
| truly?
`----
http://www.geekzone.co.nz/juha/6933
Microsoft issues first Windows 7 patches
,----[ Quote ]
| Microsoft's massive security update last
| week included patches for nine Windows 7
| vulnerabilities, far fewer than were issued
| for Windows Vista and Windows XP.
`----
http://news.idg.no/cw/art.cfm?id=6C9A9B1E-1A64-6A71-CE31A080914EC95C
Windows 7 is 'insecure', warns F-Secure
,----[ Quote ]
| The new operating system's Windows Explorer file manager still misleads users
| about the true extension of a file, said Patrik Runald, chief research
| advisor at Helsinki-based F-Secure.
`----
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&newsid=14648
Windows 7 Fail
,----[ Quote ]
| Windows 7 RC is out today.
|
| This is great news.
|
| Because surely by now they've fixed Windows Explorer.
|
| You see, in Windows NT, 2000, XP and Vista, Explorer used to Hide extensions
| for known file types. And virus writers used this "feature" to make people
| mistake executables for stuff such as document files.
|
| The trick was to rename VIRUS.EXE to VIRUS.TXT.EXE or VIRUS.JPG.EXE, and
| Windows would hide the .EXE part of the filename.
`----
http://www.f-secure.com/weblog/archives/00001675.html
Microsoft patches first critical bug in Windows 7 beta
,----[ Quote ]
| Microsoft Corp. patched the first critical vulnerability in Windows 7 Tuesday
| as it rolled out an update that fixes three flaws in the new operating
| system's kernel.
`----
http://www.itworld.com/windows/64099/microsoft-patches-first-critical-bug-windows-7-beta
Experts: Windows 7 at risk from legacy flaw
,----[ Quote ]
| For example, malicious code writers could name a 'virus.exe' file
| as 'virus.txt.exe' or 'virus.jpg.exe', he said. Windows Explorer would then
| hide the .exe part of the filename, meaning that the user would only
| see 'virus.txt' or 'virus.jpg'. Additionally, virus writers would change the
| icon displayed with the file in Windows Explorer so it looked like the icon
| of a text file or an image. Users might then click on the disguised file.
`----
http://news.zdnet.co.uk/security/0,1000000189,39648558,00.htm
Win7 can still be exploited by hackers
,----[ Quote ]
| "People typically look at the icon to know what the file is," Runald told
| ComputerWorldUK. "If it looks like a Word doc or a PDF file, there's an
| implicit trust in it, and users are more likely to click on those files, even
| if they are actually an executable."
`----
http://www.theinquirer.net/inquirer/news/1137041/win7-exploited-hackers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAktBE6YACgkQU4xAY3RXLo6EuwCfc9v6PieiC6qNWRuZhJFR4bxg
bNsAnRM5fH8W2UG6e/w62wtuOjLSQZxY
=kRyy
-----END PGP SIGNATURE-----
|
|
