Other MS patch news as well as a Yahoo vulnerability?



Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…

“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”

Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.


There were also apparently problems with MS06-042 and there is a hotfix for those issues. (MS has had a rough year with updates it seems like there’s been at least one “problem child” fix each month.) This one was related to IE crashing on Windows 2000 SP4 and Win XP SP 1 It ALSO seemed to only affect html 1.1 encoded pages that involved compression *(that seems to be an odd enough combination I can imagine WHY that one got missed.)

There has been another bug making the rounds going by the name wgareg.exe. The previous link has suggestions on identifying and cleaning up the infection.

And finally, there may be another yahoo mail vulnerability. According to the description a malicious email could be opened by the victim and the “users cookie” would be sent back to the attacker. According to the description the malicious code would be in an attached html file and the victim did not need to view or download the attachmnet. This affected Internet Explorer according to the article.

Apparently, after retrieving the cookie, the attacker is able to log in to the victims yahoo mailbox, but cannot change the password (perhaps the cookie doesn’t disclose the password – just the active session?) It sounds like a session hijack more than a password crack. Yahoo has said that they are aware of the issue and will be rolling out a fix.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft Update day for September.... AND Flash... AND Apple Yesterday, of course, Microsoft released it's monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive.) It wasn't quite a huge update day by recent standards, but here's the summary.... Incidents.org has a nice chart showing the two re-released patches (one is actually......
  • The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
  • IE 7 address bar spoofing issue Another issue was reported with the new IE 7 and confirmed by Microsoft. It seems that it's possible for a malicious link to spoof the information in the address bar (make it look like you're at a site that you're NOT at.) Incidents.org gives the following possible workaround... As a......
Blog Traffic Exchange Related Websites
  • Quicken Online Review Recently, Quicken Online has switched to a free service in order to compete with other free account aggregators. I have never consistently used an account aggregator to manage my personal finances, I have mostly used the Excel and file folder method. I gave Mint a shot when it first arrived......
  • Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
  • How Avid Golfers Can Avoid Joint Erosion If you are an avid golfer that plays several times a week, there is a risk that you could develop joint erosion. This is a painful process that can reduce your swing, and make it difficult to function normally. However, there are steps every avid golfer can take that will......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site