TechWeb reports:
April's mega collection includes 20 new vulnerabilities, 8 of which are rated as Critical, the most dire assessment in the Redmond, Wash.-based developer's four-level ranking system. Sixteen of the 20 vulnerabilities can be exploited remotely, the most dangerous type of bug because hackers can conduct an attack over the Internet. (...)
MS04-011, which includes 14 new vulnerabilities, affects every version of Windows to one degree or another, and if exploited, could allow attackers remote access to a PC. The most serious of the bugs affect Windows NT, 2000, XP, and Server 2003. (...)
Also in MS04-011's mega-collection of Windows bugs is one that involves SSL (Secure Socket Layer) (...) X-Force believes that hackers will aggressively target this vulnerability given the high-value nature of Web sites protected by SSL. (...)
[The second] security update includes four new vulnerabilities in the RPC/DCOM components of Windows (...) The RPC/DCOM Runtime vulnerability should be of special concern to all users, said Gullotto. There's great potential for another worm that exploits this. (...)
Microsoft's third bulletin of the day involves Outlook Express (OE) (...) An attacker who builds malicious URLs could run HTML code in the Local Security zone of Internet Explorer, possibly resulting in a takeover of the system. (...)
In related news, PC Pro reports:
OS X virus warning criticised, no threat exists
A security company that warned of the first 'trojan horse'-style virus for Mac OS X has been criticised by developers and security experts for raising an unnecessary false alarm. (...)
Intego first warned of the potential security threat last week. (...)
Intego fails to mention that there are as yet no instances of this in the wild, meaning no computers have been infected. (...)
Security experts criticised Intego for making an issue of the potential vulnerability: 'They gave the impression that this is a threat, but it isn't,' Dave Schroeder, a systems engineer with the University of Wisconsin, told Wired.com. 'It is a benign proof of concept that was posted to a newsgroup. It isn't in the wild, and can't be spread in the wild. It's a non-issue.' (...)
:-)
19.04.2004, 01:41
Microsoft Discloses Huge Number Of Windows Vulnerabilities