Security 10917 Published by Philipp Esselbach 0

The recently discovered security flaw in Microsoft's Web-based Distributed Authoring and Versioning (WebDAV) protocol for IIS server is more serious than was first thought, according to a UK security firm.


It's been a heck of a week for security vulnerabilities. The most attention, deservedly so, went to another buffer overflow in Microsoft's IIS Web server, but there were many more.

The IIS hole was unusual in that, unlike most vulnerabilities, it appears to have been exploited before it was discovered and patched. Even worse, it was the U.S. Army's Web server that was attacked. Microsoft put out a patch in a relative hurry, and there are several workarounds that should block the exploit. However, they come at the expense of functionality in IIS support for WebDAV, which allows file I/O-style access to web sites. This is one of those problems for which administrators should drop everything and deal.

After reports of server crashes introduced with the patch, Microsoft modified the security advisory for this problem to warn that certain specific versions of Windows 2000 were incompatible with the patch and that it would cause these systems to blue-screen. Security patches from Microsoft are usually issued before there are any real-world exploits, and Microsoft puts them through extensive testing. No such luck in this case, and they had to write and issue the patch post-haste. This is what happens when you're in a hurry.

And it didn't end there.


A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.


Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service

A flaw exists in the ISA Server DNS intrusion detection application filter; it results because the filter does not properly handle a specific type of request when scanning incoming DNS requests.

An attacker could exploit the vulnerability by sending a specially formed request to an ISA Server computer that is publishing a DNS server, which could then result in a denial of service to the published DNS server.
