Other MS patch news as well as a Yahoo vulnerability?



Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…

“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”

Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.


There were also apparently problems with MS06-042 and there is a hotfix for those issues. (MS has had a rough year with updates it seems like there’s been at least one “problem child” fix each month.) This one was related to IE crashing on Windows 2000 SP4 and Win XP SP 1 It ALSO seemed to only affect html 1.1 encoded pages that involved compression *(that seems to be an odd enough combination I can imagine WHY that one got missed.)

There has been another bug making the rounds going by the name wgareg.exe. The previous link has suggestions on identifying and cleaning up the infection.

And finally, there may be another yahoo mail vulnerability. According to the description a malicious email could be opened by the victim and the “users cookie” would be sent back to the attacker. According to the description the malicious code would be in an attached html file and the victim did not need to view or download the attachmnet. This affected Internet Explorer according to the article.

Apparently, after retrieving the cookie, the attacker is able to log in to the victims yahoo mailbox, but cannot change the password (perhaps the cookie doesn’t disclose the password – just the active session?) It sounds like a session hijack more than a password crack. Yahoo has said that they are aware of the issue and will be rolling out a fix.

Related Posts

Blog Traffic Exchange Related Posts
  • If the cumulitive IE patch fails to install This is related to MS05-054... According to Incidents.org it's possible that this will not install (user submission of this). They also have a user submitted workaround... Shinil Hong of SUNY Buffalo has sent us his analysis of problems encountered with the installation of MS05-054. Here's what Shinil found out: The......
  • Gateway gt4022 Won't Boot | Won't Post | Dead Motherboard The title says most all, the system would start to act as though it was powering up. The LED would come on for a second and the fans would start. The fans stayed on, but the LED went right back off and the system didn't seem to POST, or show......
  • Remote Tech Support using VNC (Ultravnc SC and x11vnc+wrapper script) Ok, some time back I'd done a writeup on UltraVNC SC, which is a nice customizable (windows version) VNC server that essentially let's someone doing remote support build their own downloadable .exe that runs and automatically tries to make a direct connection to a "listening" vnc viewer. It's good for......
Blog Traffic Exchange Related Websites
  • What You Need From a WordPress Hosting Company Wordpress has taken over the world of websites and blogs, creating a simple and easy way for individuals get information out into the world of the Internet. The system gives users an incredibly easy platform to create the blogs, information, and news sites that they need to be successful. The......
  • Adobe Zero-Day Strikes Again Maybe Steve Jobs has the right idea about Adobe flash running on its iDevices... Another 0-Day Adobe issue is causing a buzz in the industry, read what Brian Prince of eWeek.com had to say about it... For the second time in nearly a week, Adobe Systems is warning users about......
  • How Avid Golfers Can Avoid Joint Erosion If you are an avid golfer that plays several times a week, there is a risk that you could develop joint erosion. This is a painful process that can reduce your swing, and make it difficult to function normally. However, there are steps every avid golfer can take that will......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site