Microsoft on Tuesday plans to release seven security bulletins, including a fix for a zero-day flaw in Windows that is already being used in cyberattacks.
The bulletins, part of Microsoft's monthly patch cycle, are slated to provide fixes for an undisclosed number of security vulnerabilities in Windows, Office, Exchange and BizTalk, Microsoft said on its Web site Thursday. The issue affecting BizTalk also relates to "Capicom," a developer component to add cryptography to applications.
Each of the four product families is scheduled to get at least one "critical" update, Microsoft's highest severity rating, the company said. Microsoft plans to release two bulletins related to issues in Windows and three related to Office, with one remaining for both Exchange and BizTalk, it said.
Security issues tagged as critical typically could allow an attacker to gain full control of an affected system with very little, if any, action by the user.
Microsoft's updates will include a patch for a vulnerability in the Windows domain name system, or DNS. The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft warned of the problem last month and has said it was being used in "limited" attacks.
Microsoft gave no further information on the upcoming alerts, other than to state that some of the fixes may require restarting the computer or server.
His quote "very little if any action" is by the user, not the hacker. If you have an issue that results in a buffer, heap, stack, etc overflow then you can craft a hack to overflow the memory region and gain access to the system pointer, at which time you can point to your own code and execute it without the end-user's consent and/or knowledge.
Sometimes things are inherently explained unless you don't have the skillset to understand them. since you don't seem to understand IT security I recommend you start with a book called: "Inside Internet Security / What Hackers don't want you to know" by Crume and published by Addison-Wesley. You're either a newbie or an antagonist, either way you could have emailed him with this if you were serious.
Always the same line to gain an download into somebody's pc, which usually results in more trouble for the consumer. Like the old story about the boy who cried wolf too many times- now the real wolf is Microsoft.
Well another day another major flaw in Microsoft's OS ... well i cant say that out loud too much ,but i am starting to encourage people that cant or wont buy a mac to look into Ubuntu ... The flaws inside Microsoft's code are getting too much to bear for some users that just want a computer to read emails , browse the internet with a reasonable level of safety , what Microsoft promised to deliver for years and certainly cant because they dont want to reconsider the vailidity of the LEGACY code they will probably carry for the next 10 years ... Apple delivers systems to a public that are solid with a little know how . Microsoft while only delivering software delivers headaches to no end to their end users ... Time for people to call the OS what it is.
According to a simple query against the National Vulnerability Database, Windows XP has 252 reported vulnerabilities, while Mac OSX has 343 reported vulnerabilities.
This means Windows XP has 27% less vulnerabilities than Mac OSX. This is verifiable information. You can look it up yourself: <a class="jive-link-external" href="http://nvd.nist.gov/nvd.cfm?advancedsearch" target="_newWindow">http://nvd.nist.gov/nvd.cfm?advancedsearch</a>
Given this, why is it that whenever Microsoft announces they are releasing patches, a bunch of on cnet people start these anti-microsoft rants? I really don't understand this at all.
I have looked up your databases and while many of the problems reported there are corrected AND most of them are 3rd party as well if you look closely. True mac os X server takes some configuring to get right . Out of the box you have some corrections to make. A lot of the vulnerabilities listed here point to ActiveX and Microsoft Office ... Weird you can turn active X off you know in Office for mac. I see as well listing holds loads of stuff on RPC no one in their right minds would use ... to be precise it is not only deactivated by default in Mac os X but it is highly recommanded to avoid installing it at all unless you need to be compatible with a standard even SUN dropped the use of . Everyone in their right minds turns off SSH except when connecting to hosts you can trust.
You can isolate your admins from SU capabilities if you wish , all it takes is modifying the sudoers files in /etc this is just a misconfiguration.
Most of the attacks mentionned in the database require at least local user or admin accounts , most of what is listed for windows Xp does not even require such privileges , just a internet connection.
Not to mention vulnerability database mentions vulns dating back to 10.3 and earlier. The problem with your query was as you mentionned it simple , not expansive. Some of what is listed here dates back to 10.0.3. Side note there are many more exploits in the wild for windows than there would be for mac os X market share argument not being valid since mac os X is the hacker's holy grail.
But i have to give you the database is a good example of how improperly configured services can lead to vulnerabilities.
It seems to me the term 'zero-day' is being a bit over used, perhaps from ignorance, but I believe its more trying to draw eyes to the story. In other words, phrase exploitation.
The definition of 'zero-day' doesn't seem to apply to the DNS flaw in the story. Vista has been out for months now, and I seriously doubt any revamp was done to the DNS system anyway. Zero-day flaws typically have to be leaked by the developers, or a beta tester, before official release to be called 'Zero-day'. Whoever started this just wants attention.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
what does this mean joris evers? more details please. poor story effort and research or you just decided not to be more specific.
If you have an issue that results in a buffer, heap, stack, etc overflow then you can craft a hack to overflow the memory region and gain access to the system pointer, at which time you can point to your own code and execute it without the end-user's consent and/or knowledge.
Sometimes things are inherently explained unless you don't have the skillset to understand them.
since you don't seem to understand IT security I recommend you start with a book called:
"Inside Internet Security / What Hackers don't want you to know" by Crume and published by Addison-Wesley.
You're either a newbie or an antagonist, either way you could have emailed him with this if you were serious.
cant say that out loud too much ,but i am starting to encourage
people that cant or wont buy a mac to look into Ubuntu ... The
flaws inside Microsoft's code are getting too much to bear for
some users that just want a computer to read emails , browse
the internet with a reasonable level of safety , what Microsoft
promised to deliver for years and certainly cant because they
dont want to reconsider the vailidity of the LEGACY code they
will probably carry for the next 10 years ... Apple delivers
systems to a public that are solid with a little know how .
Microsoft while only delivering software delivers headaches to
no end to their end users ... Time for people to call the OS what
it is.
This means Windows XP has 27% less vulnerabilities than Mac OSX. This is verifiable information. You can look it up yourself: <a class="jive-link-external" href="http://nvd.nist.gov/nvd.cfm?advancedsearch" target="_newWindow">http://nvd.nist.gov/nvd.cfm?advancedsearch</a>
Given this, why is it that whenever Microsoft announces they are releasing patches, a bunch of on cnet people start these anti-microsoft rants? I really don't understand this at all.
problems reported there are corrected AND most of them are
3rd party as well if you look closely. True mac os X server takes
some configuring to get right . Out of the box you have some
corrections to make. A lot of the vulnerabilities listed here point
to ActiveX and Microsoft Office ... Weird you can turn active X off
you know in Office for mac. I see as well listing holds loads of
stuff on RPC no one in their right minds would use ... to be
precise it is not only deactivated by default in Mac os X but it is
highly recommanded to avoid installing it at all unless you need
to be compatible with a standard even SUN dropped the use of .
Everyone in their right minds turns off SSH except when
connecting to hosts you can trust.
You can isolate your admins from SU capabilities if you wish , all
it takes is modifying the sudoers files in /etc this is just a
misconfiguration.
Most of the attacks mentionned in the database require at least
local user or admin accounts , most of what is listed for windows
Xp does not even require such privileges , just a internet
connection.
Not to mention vulnerability database mentions vulns dating
back to 10.3 and earlier. The problem with your query was as
you mentionned it simple , not expansive. Some of what is listed
here dates back to 10.0.3. Side note there are many more
exploits in the wild for windows than there would be for mac os
X market share argument not being valid since mac os X is the
hacker's holy grail.
But i have to give you the database is a good example of how
improperly configured services can lead to vulnerabilities.
The definition of 'zero-day' doesn't seem to apply to the DNS flaw in the story. Vista has been out for months now, and I seriously doubt any revamp was done to the DNS system anyway. Zero-day flaws typically have to be leaked by the developers, or a beta tester, before official release to be called 'Zero-day'. Whoever started this just wants attention.