Microsoft is putting the final touches on a patch to limit an MSN Messenger feature that allowed any Web site to grab a visitor's IM nickname and buddy list.
Read more
Read more
The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products - - - Windows 2000 and Interix 2.2 - contain unchecked buffers in the code that handles the processing of telnet protocol options.
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
Read more
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
Read more
Symantec has released a new virus definitions update for Norton Antivirus. Thanks Bidz.
The Microsoft Exchange System Attendant is one of the core services in Microsoft Exchange. It performs a variety of functions related to the on-going maintenance of the Exchange system. To allow remote administration of an Exchange Server using the Exchange System Manager Microsoft Management Console (MMC) snap in, the System Attendant makes changes to the permissions on the Windows Registry to allow Exchange Administrators to remotely update configuration settings stored in the Registry.
There is a flaw in how the System Attendant makes these Registry configuration changes. This flaw could allow an unprivileged user to remotely access configuration information on the server. Specifically, this flaw inappropriately gives the Everyone group privileges to the WinReg key. This key controls the ability of users and groups to remotely connect to the Registry. By default, only Administrators are given the ability to remotely connect to the Registry, by granting permissions on this key.
Read more
There is a flaw in how the System Attendant makes these Registry configuration changes. This flaw could allow an unprivileged user to remotely access configuration information on the server. Specifically, this flaw inappropriately gives the Everyone group privileges to the WinReg key. This key controls the ability of users and groups to remotely connect to the Registry. By default, only Administrators are given the ability to remotely connect to the Registry, by granting permissions on this key.
Read more
MooSoft has posted new trojan definitions for The Cleaner
Symantec has released a new virus definitions update for Norton Antivirus.
McAfee Virus definitions has been updated to version 4185. Thanks Brad.
MooSoft has posted a trojan definitions update for The Cleaner
Windows suffered fewer security vulnerabilities than Linux last year, according to figures released by vulnerability tracker SecurityFocus.
Although the statistics so far only go up to August 2001, aggregated distributions of the Linux operating system suffered 96 vulnerabilities while Windows NT/2000 suffered only 42.
Read more
Although the statistics so far only go up to August 2001, aggregated distributions of the Linux operating system suffered 96 vulnerabilities while Windows NT/2000 suffered only 42.
Read more
Thanks Robert. A flaw in the way Microsoft's Windows 2000 and NT 4.0 server operating systems authenticate users across domains could allow somebody with administrator privileges to extend that power to other domains, Microsoft warns.
Read more
Read more
Symantec has released a new virus definitions update for Norton Antivirus.
McAfee Virus definitions has been updated to version 4184
...SIDs in Authorization Data
Microsoft has released a new security patch for Windows NT/2000
Microsoft has released a new security patch for Windows NT/2000
Microsoft has released a Windows 2000 Security Rollup Package. Thanks DosFreak.
Netscape has admitted that versions of its Navigator browser could expose users to malicious websites.
According to a security note published on Netscape's website, Navigator Versions 6 through to 6.2 contain a security flaw that could allow a malicious website to read the cookies that another site has stored on a user's computer.
Read more
According to a security note published on Netscape's website, Navigator Versions 6 through to 6.2 contain a security flaw that could allow a malicious website to read the cookies that another site has stored on a user's computer.
Read more
Microsoft has released security updates for SQL Server 2000 Service Pack 1 and 2
MooSoft has updated their trojan definitions for The Cleaner once again.
Hardware Zone send words about a new email worm
MooSoft has posted a new trojan definitions update for The Cleaner
