Other MS patch news as well as a Yahoo vulnerability?



Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…

“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”

Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.


There were also apparently problems with MS06-042 and there is a hotfix for those issues. (MS has had a rough year with updates it seems like there’s been at least one “problem child” fix each month.) This one was related to IE crashing on Windows 2000 SP4 and Win XP SP 1 It ALSO seemed to only affect html 1.1 encoded pages that involved compression *(that seems to be an odd enough combination I can imagine WHY that one got missed.)

There has been another bug making the rounds going by the name wgareg.exe. The previous link has suggestions on identifying and cleaning up the infection.

And finally, there may be another yahoo mail vulnerability. According to the description a malicious email could be opened by the victim and the “users cookie” would be sent back to the attacker. According to the description the malicious code would be in an attached html file and the victim did not need to view or download the attachmnet. This affected Internet Explorer according to the article.

Apparently, after retrieving the cookie, the attacker is able to log in to the victims yahoo mailbox, but cannot change the password (perhaps the cookie doesn’t disclose the password – just the active session?) It sounds like a session hijack more than a password crack. Yahoo has said that they are aware of the issue and will be rolling out a fix.

Related Posts

Blog Traffic Exchange Related Posts
  • 7 Updates coming from Microsoft in July We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It's expected that we'll see an update for the Excel issues......
  • IE 7 address bar spoofing issue Another issue was reported with the new IE 7 and confirmed by Microsoft. It seems that it's possible for a malicious link to spoof the information in the address bar (make it look like you're at a site that you're NOT at.) Incidents.org gives the following possible workaround... As a......
  • The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
Blog Traffic Exchange Related Websites
  • Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
  • What You Need From a WordPress Hosting Company Wordpress has taken over the world of websites and blogs, creating a simple and easy way for individuals get information out into the world of the Internet. The system gives users an incredibly easy platform to create the blogs, information, and news sites that they need to be successful. The......
  • Quicken Online Review Recently, Quicken Online has switched to a free service in order to compete with other free account aggregators. I have never consistently used an account aggregator to manage my personal finances, I have mostly used the Excel and file folder method. I gave Mint a shot when it first arrived......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site