Sans has updated their chart that illustrates Microsoft’s August patches. They’ve updated it to give information about the problems that have been reported with now 2 of this months patches (MS06-040 and MS06-042) as well as what fixes are available.
Category: Windows Software
-
Other MS patch news as well as a Yahoo vulnerability?
Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS…
“this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin.”
Not timeline yet on when… There are also public exploits out for (possibly related to MS06-046) which is related to the MS Help system.
-
MS06-040 update
MS06-040 is one of last weeks Windows updates and is the one that was probably the biggest target for “wormable” activity. There’s a good deal of news from over the weekend with regards to this. First: Snort signatures, the MS06-040 exploit was spotted actively “in the wild”, and of course, our perennial friends in the spamming world didn’t waste much time in making use of this one.
-
Exploit out for MS06-040
The big computer security news of the day is the release of exploit code publicly for MS06-040. The patch of course was released Tuesday and it is fairly critical to get the update installed. This is “wormable” It CURRENTLY affects all Windows 2000 systems and XP (with no service pack) as well as SP1. It currently doesn’t seem to work with SP2 of Win XP, or with Windows 2003 or NT4. A bit more information is at the incidents.org link above.
-
Microsoft August Updates
Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the day. Hopefully we can get more details from the technet security page when it’s updated.
Update…. Details time…
-
HDR – High Dynamic Range – Images under linux
HDR – recently I heard someone talking about this with regards to digital imaging. The idea is that you have three identical images (landscapes) taken from a stationary (tripod) camera. The only difference is the exposure times vary. Together you can blend them to create a more impressive final picture. Yes, I just talked about fake photos and digital imaging. This, to me, is in a different class of photo editing…. enhancement(?) – well… anyway. There are a number of ways to do this, photoshop, I understand has support for doing this and it’s possible under linux as well with the Gimp.
-
Vista’s fatal flaw?
Backwards compatibility. It’s something that many vendors strive for and Microsoft is certainly one that has placed a value on making things backwards compatible for third party software. According to this story at Sci-Tech Today, Symantec thinks this eagerness to be backwards compatible may be a big issue for Vista’s security. They expect several “privilige escalation” vulnerabilities to be found and say that if those such vulnerabilities are discovered in the prompt for user consent…. well essentially all of the systems security precautions could be undermined. The whitepaper on the details talks about several issues that have been patched at this stage in the Vista development process, but the main question is how many are out there?
-
Another WMF exploit??
Security Focus has a brief that refers to a WMF zero-day vulnerability that affects Windows XP SP2. I suspect this may get a bit of coverage throughout the day. It appears as though there are actually 3 issues cited.
-
AVG antivirus false positive
Incidents.org has some reports of false positives reported by Grisoft’s AVG antivirus running on Windows XP (SP1)…. The false positive was with a file named C:\i386\REG.EXE which is a legit file from the Windows XP SP1 install. No other news or details on this as of yet.
-
Windows update advance notice for August 2006
August’s advance bulletin of Microsoft updates is already up. Tuesday of course is the monthly Microsoft patch day. It appears as though there will be 12 updates this time around. As usual, it could be that individual updates fix multiple problems. 10 updates will affect Windows at least 1 critical, will require a restart. 2 updates will affect Office, at least 1 critical, MAY require a restart. Also the malicious software removal tool will see an update.