Other MS patch news as well as a Yahoo vulnerability?



Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…

“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”

Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.


There were also apparently problems with MS06-042 and there is a hotfix for those issues. (MS has had a rough year with updates it seems like there’s been at least one “problem child” fix each month.) This one was related to IE crashing on Windows 2000 SP4 and Win XP SP 1 It ALSO seemed to only affect html 1.1 encoded pages that involved compression *(that seems to be an odd enough combination I can imagine WHY that one got missed.)

There has been another bug making the rounds going by the name wgareg.exe. The previous link has suggestions on identifying and cleaning up the infection.

And finally, there may be another yahoo mail vulnerability. According to the description a malicious email could be opened by the victim and the “users cookie” would be sent back to the attacker. According to the description the malicious code would be in an attached html file and the victim did not need to view or download the attachmnet. This affected Internet Explorer according to the article.

Apparently, after retrieving the cookie, the attacker is able to log in to the victims yahoo mailbox, but cannot change the password (perhaps the cookie doesn’t disclose the password – just the active session?) It sounds like a session hijack more than a password crack. Yahoo has said that they are aware of the issue and will be rolling out a fix.

Related Posts

Blog Traffic Exchange Related Posts
  • Remote Tech Support with x11vnc and wrapper script So, the idea is that I wanted something "like" the Ultranvnc Single Click download, only for linux. The main idea being is that if someone is looking for a bit of desktop tech support on linux, we don't need to be giving instructions for 5 different package managers, or source......
  • The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
  • Updating Windows XP SP2 serial number Intelliadmin published this earlier today... with all the problems some people have had with the Genuine advantage notification that their copy of Windows may not be legitimate (many reasons for this...) it may be necessary to buy a new copy of Windows and it would be a nuisance to have......
Blog Traffic Exchange Related Websites
  • What You Need From a WordPress Hosting Company Wordpress has taken over the world of websites and blogs, creating a simple and easy way for individuals get information out into the world of the Internet. The system gives users an incredibly easy platform to create the blogs, information, and news sites that they need to be successful. The......
  • Adobe Zero-Day Strikes Again Maybe Steve Jobs has the right idea about Adobe flash running on its iDevices... Another 0-Day Adobe issue is causing a buzz in the industry, read what Brian Prince of eWeek.com had to say about it... For the second time in nearly a week, Adobe Systems is warning users about......
  • Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site