Vulnerabilities & attacks

Microsoft is investigating reports of a flaw that could allow someone to remotely execute code on a system running certain versions of SQL Server.

"Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory," the company wrote in a security advisory published on Monday. "Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time."

Affected … Read more

Microsoft issued an advisory late Monday confirming a remote code execution vulnerability affecting its SQL Server line.

The vulnerability affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

Not affected by this issue, Microsoft said, are systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.

From Microsoft's advisory:

Check Point Software Technologies announced Monday it plans to acquire the security appliance business of cell phone giant Nokia.

With the acquisition, the security software maker plans to use Nokia's security appliance business to broaden its footprint in the security appliance market.

Check Point, which is predominately known for its security firewall business, has branched out into the security appliance business over the past five years, beginning with its VPN-1 Edge device.

Nokia's security appliance business currently serves 23,000 customers throughout the world and is already designed to work with Check Point's firewall, virtual private network (… Read more

Mozilla has released updates to its popular Firefox browser, its Thunderbird e-mail client, and its SeaMonkey application suite, aiming to address highly critical security flaws that could expose users' sensitive information.

Users are advised to update to version 3.0.5 of Firefox, which was released Tuesday. They are also advised to update to version 2.0.0.19 of Thunderbird and version 1.1.14 of SeaMonkey.

The vulnerabilities were found in earlier versions of Firefox 3, as well as in versions of Firefox 2.

According to a research note released Wednesday by security researcher Secunia:

Some vulnerabilities have … Read more

Microsoft released a critical security patch on Wednesday to plug vulnerabilities in Internet Explorer, a move that comes amid malicious attackers taking advantage of the security flaws.

The patch is designed to prevent attackers from downloading malware onto users' computers if they visit a malicious Web site, or a legitimate Web site that has been infected.

This zero-day exploit has been in circulation since the first week of December and potentially could have infected a wide swath of users.

The vulnerabilities are found in not only IE 7, Microsoft's latest browser, but also Internet Explorer 5.01, Internet Explorer … Read more

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' system with a Trojan horse, or "downloaders" that can download other … Read more

An unpatched security hole in Internet Explorer that is being exploited affects all versions of the browser, making it more serious than originally believed when it was first publicized two days ago, Microsoft says.

Microsoft is investigating reports of attacks against a new vulnerability in IE but said in an update to a security advisory issued late on Thursday that all versions of IE are potentially vulnerable.

The company recommends setting the Internet zone security setting to "high" and using access control lists to disable Ole32db.dll to provide the most effective protection against an attack.

"Our … Read more

A new report from the Anti-Phishing Working Group is yet another reminder of the information security threats we all face. This latest publication states that the number of compromised URLs used to distribute malicious code nearly tripled in the 12-month period from July 2007 through July 2008.

This data, along with similar research from McAfee, RSA Security, Symantec, and Trend Micro, demonstrate that the bad guys are taking advantage of the global recession with an increase in attack volume and sophistication. Certainly, security professionals recognize this unsettling trend, and according to ESG Research data, security remains a top IT priority … Read more

Editor's note: This is part of a series of stories about the recession's effect on the tech industry.

Last month, McAfee cybercrime strategist Pamela Warren sat down with a senior executive at a Sydney bank to discuss the risks to the corporate network from workers using social networking.

After going over the trade-offs associated with allowing insiders to use social networks at work, his team confirmed that they would use data leak prevention technology to monitor the network traffic--balancing the desire to benefit from such new technologies while ensuring company secrets remain protected.

Warren had a similar meeting … Read more