As reported over the last several days, there is a critical problem with RealVNC 4.1.1. There is NOW an exploit in the wild for RealVNC 4.1.1, and SANS is looking for more information on it. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected; only (as far as I know) RealVNC 4.1.1 on Windows is. (Prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable.) Don’t take the last sentence as an excuse NOT to check: check whether you have updates for your VNC product.
Tag: Windows
-
Media player and video codecs made simple…
The biggest problem with audio and video content is the variety of different codecs that are supported by different players. On Windows this usually means having Windows Media Player, RealPlayer and QuickTime installed, plus who knows what else. I was having a discussion yesterday about some videos that I had given to someone that work fine on my Linux desktop (DivX format, I believe); however, Windows Media Player fails to find a codec. I told him that I’ve always felt Media Player was a bit “snobbish” with regard to codecs. It’s a great idea to be able to detect and download the codec on demand, but in reality, I didn’t recall seeing Xvid/DivX being among those that would auto-download (that may have changed by now, I’m not certain). Anyway, I suggested MPlayer as a good multi-format video player. MPlayer will handle almost any video format thrown at it.
-
Apple QuickTime and OS X updates to patch multiple security vulnerabilities
Apple has released QuickTime v. 7.1 for both Windows and OS X to address about 12 vulnerabilities. It looks as though all of the vulnerabilities were related to specially crafted images or movies (a variety of formats…). Upgrade or use another viewer…
-
Vista UAP (User Account Protection) – too much?
First, let me tell you that I have not seen Microsoft’s Vista UAP (User Account Protection) firsthand, so I cannot claim firsthand experience with it. The following is, and will be, based on what I have read, plus how it relates and compares to Linux and “run as” functionality. George Ou thinks that UAP is getting a “bum rap” from people, some of whom want it both ways: tighter file access security, but this is annoying… Another ZDNet columnist has taken a more detailed look at UAP. One of the articles cited by George Ou is this post from Paul Thurrott, which is highly critical of UAP.
-
Microsoft updates for May
It looks as though there are two critical updates to be had today, and one moderate/low (depending on the OS version). The critical updates are one biggie for Exchange Server, which is reported to break some functionality with regard to BlackBerry -> Exchange Server integration… This is obviously an important patch to get in, since the vulnerability would allow for remote code execution. The other critical patch….
-
Microsoft May 2006 patch Tuesday updates
Now that the April patches have been patched…. it’s time to look forward to what updates we’ll be seeing from Microsoft this coming Tuesday May 9th… There are 3 expected updates for May, 2 for Windows and one for Exchange Server. The Exchange update is listed as critical as is AT LEAST one of the two Windows patches.
-
Make an autorun CD show a web document on autoplay…
There’s a utility called Thumbs that looks like a good, quick way to make a CD launch a web document on autoplay in Windows 95/98/ME/NT/2000/XP/… Of course, autoplay under Windows is fairly easy to set up. If you have a program on the disk, you can just put autorun.inf in the root directory of the CD, and in that file you can specify WHAT program to autorun. The problem with HTML documents on a disk is telling the computer how to run them. (Yes, you can adjust the icon as well.)
-
Rumors and more on Vista
It’s interesting to see the rumor mill around Vista. I saw articles this morning claiming that 60% of the Vista code would have to be rewritten and that the Xbox team was pulled to work on Vista; from what I can see, neither of those is true. I suspect people are looking to explain why the release has slipped into the next year. I do find it interesting that there were such ambitious plans for Vista, which have gradually evaporated and been pushed to a future release, and that even the pruned-back plans just aren’t within reach in a short amount of time. However, in some ways software development is about making big plans a reality; sometimes it just turns out to be bigger than you thought.
-
Another critical IE flaw
I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is: be careful what sites you visit, beware of “drive-by downloads” using this tactic, and consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way, with other apps using IE to view HTML objects….)
-
March Microsoft Updates – etc.
I can’t believe it’s been so long without a post; the last post was the last MS update cycle. I’ve been trying to avoid spending almost every waking hour at a computer for a while. Anyway, advance notice for the March Microsoft updates came out, and it appears as though the only critical update is expected for Office, with an “important” update for Windows. The Office update may require a reboot; the Windows update is not expected to require a reboot.
Hopefully this will make for an uneventful patch cycle.