Security News

Microsoft offers temporary fix for 'extremely critical' flaw

Microsoft has updated a security advisory published in June, offering users a way to become immune to a highly critical flaw in Internet Explorer, IT Week reports.

The flaw causes IE to crash or could allow hackers to take control of a user's system by placing specially created code on a website.

It affects current versions of IE on fully patched systems, and has been rated 'extremely critical' by security website Secunia.

Microsoft has confirmed that the flaw and exploit code is publicly available, but claimed that it is not aware of any attacks using the exploit.

The workaround requires users to manually prevent a .dll file from running, or to set the Windows internet security settings to 'high' to prevent ActiveX commands from being executed.

Read the full story:
http://www.itweek.co.uk/vnunet/news/...-temporary-fix

Read the updated security advisory:
http://www.microsoft.com/technet/sec...ry/903144.mspx


Latest patches more critical than ever, warns Microsoft
Online July 13, 2005

Microsoft has issued a warning that two of the upgrades in this month's software patch release fix flaws that are actively being exploited on the web, IT Week reports.

The company announced last week that it would release two fixes for Windows and one for Office. All the patches have the company's highest 'critical' security rating.

One of the patched problems is a hole in Microsoft's Java Virtual Machine that allows hackers to take control of a computer. Another affects the Colour Management Module inside Windows.

Both flaws can be exploited by previewing an email, opening an emailed attachment or visiting a webpage containing malicious code.

The two holes in Windows components are actively being used by hackers to take over computers. All current and fully patched versions of Windows XP and Windows 2003 are affected by the flaw.

Read the full story:
http://www.itweek.co.uk/vnunet/news/...latest-patches


One in ten surfers tuck into spam
Online July 14, 2005

According to a new survey, eleven per cent of the internet population buys goods that are advertised in spam email messages, vnunet.com reports.

Not surprisingly however, many of these attempted purchases often do not work out. Another nine per cent said they had lost money due to email scams advertised in spam emails.

An additional 39 per cent of the 800 people surveyed admitted to still reading the messages and clicking on links embedded in the emails. This is a known method for spammers to detect if an email address is being used, and as a result 57 of the latter group reported that they started receiving more spam.

Clicking links in spam emails not only attracts additional spam, the web pages that users visit could also contain viruses and spyware, anti-spam vendor Mirapoint warned.

Read the full story:
http://www.vnunet.com/vnunet/news/21...-spam-messages


Report: Computer hijacking on the rise
Online July 12, 2005

Personal computers that play unwitting host to zombie code are proliferating at a startling pace, ZDNet UK reports.

Incidents involving the malicious code, also known as bot code, reached 13,000 from April through June, according to a report from antivirus-software maker McAfee.

That's quadruple the number tracked by the company in the previous three months. McAfee estimated that 63 percent more machines were exploited by bot programs and by spyware and adware ? their slightly less insidious, but more common, cousins ? in the first six months of this year than in the whole of last year.

Intruders can remotely control a network of infected machines to launch attacks on other computers and Web sites, spread spam and steal data, for example. Like most worms and viruses, zombie programs largely target machines running Windows.

Read the full story:
http://news.zdnet.co.uk/internet/sec...9208661,00.htm


Read more news at http://www.bullguard.com/news
'till next week


The BullGuard Team
BullGuard Limited, 823 Salisbury House, 29 Finsbury Circus, EC2M 5QQ London, United Kingdom