Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…
“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”
Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.
MS06-040 is one of last weeks Windows updates and is the one that was probably the biggest target for “wormable” activity. There’s a good deal of news from over the weekend with regards to this. First: Snort signatures, the MS06-040 exploit was spotted actively “in the wild”, and of course, our perennial friends in the spamming world didn’t waste much time in making use of this one.
Incidents.org is reporting on the defacement of a security related web site (winsnort.com). They say they usually decline to comment on those because the attention is what the defacers thrive on. However, it does pay to keep your browser updated and antivirus current. What’s more…. Several days ago there was the news that the President of Iran now has a blog (which is ironic in many ways given the restrictions they place on internet use….) But… anyway, I figured he is getting his propaganda tool our and ready in advance of the UN showdown over the nuclear program. Well, it turns out that some have noticed an interesting gift from the visit to Mr. Ahmadinejad’s site….
This is worth reading if you’ve got a Dell laptop. There have been numerous stories in recent months of Dell laptops exploding into flames and it looks as though now over 4 million batteries from their inspiron, Latitude and Precision laptops are being recalled. The manufacture dates range from April 2004 to July 18, 2006. There is a Dell site for this issue www.dellbatteryprogram.com. Realistically, the new lithium ion batteries are trying to pack a large power density into a small space and if something goes wrong, it can go BAD wrong….
The new Docsis 3.0 standard has been finalized and it allows for 160Mbps or more downstream and 120Mbps upstream. It also will support IPv6. Of course, in order to support those speeds cable system hardware will need to be upgraded (and cable modems…) so don’t expect those speeds next month. But, perhaps by ~2008?
Our local cable just started advertising 10Mbps as their fastest speed (previous was 5Mbps). I’d personally love to see those upstream speeds upped as well.
It looks as though Ubuntu has released the first maintenance release in the Dapper Drake life cycle. So, now 6.06.1 can be downloaded. (In analagous terms this might be considered the first service pack). Many updates have been incorporated into the bootable install cds which should cut the amount of download updates a new install would need right out of the box. http://releases.ubuntu.com/6.06.1/ (Ubuntu), http://releases.ubuntu.com/kubuntu/6.06.1/ (Kubuntu), http://releases.ubuntu.com/edubuntu/6.06.1/ (Edubuntu), http://cdimage.ubuntu.com/xubuntu/releases/6.06.1/release.1/ (Xubuntu).
A new version of Ruby on Rails has been released in response to a critical security vulnerability. The link will take you to information at incidents.org. 1.1.5 is the new version and should be compatible with 1.1.4 all previous versions appear to be vulnerable.
The big computer security news of the day is the release of exploit code publicly for MS06-040. The patch of course was released Tuesday and it is fairly critical to get the update installed. This is “wormable” It CURRENTLY affects all Windows 2000 systems and XP (with no service pack) as well as SP1. It currently doesn’t seem to work with SP2 of Win XP, or with Windows 2003 or NT4. A bit more information is at the incidents.org link above.
I finally got the Mandriva 2006 rpms rebuilt for Mozilla Firefox 1.5.0.6. I ‘ve been running it for a bit and it and all seems well. Of course, this is always at your own risk. http://www.averyjparker.com/wp-content/downloads/firefox/mozilla-firefox-1.5.0.6/
You can find updated rpms for Mandrake 10.0 of the recent clamantivirus update at http://www.averyjparker.com/wp-content/downloads/clamav-0.88.4/.