Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Incalzire casa fara gaz/lemne

Incalzire in pardoseala etapizata

Suprataxa card energie?!

Cum era nivelul de trai cam din a...
 probleme cu ochelarii

Impozite pe proprietati de anul v...

teava rezistenta panou apa calda

Acces in Curte din Drum National
 Sub mobila de bucatarie si sub fr...

Rezultat RMN

Numar circuite IPAT si prindere t...

Pareri brgimportchina.ro - teapa ...
 Lucruri inaintea vremurilor lor

Discuții despre TVR Sport HD.

Cost abonament clinica privata

Tremura toata, dar nu de la ro...
 

Breaking news

- - - - -
  • This topic is locked This topic is locked
207 replies to this topic

#163
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Microsoft Security Bulletin Summary for September, 2006

Critical
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution

Important
Vulnerability in Reliable Multicast Program (PGM) Could Result in Denial of Service

Moderate
Vulnerability in Indexing Service Could Allow Cross-Site Scripting

Update: Microsoft security patches for September 2006 - SANS Internet Storm Center

Edited by Daisuke, 12 September 2006 - 23:13.


#164
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Ad-Aware - False positives cu semnaturile de ieri 12 septembrie

Pana cand Lavasoft va remedia problema ignorati cele de mai jos:

Quote

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-1417001333-1659004503-725345543-1004\software\microsoft\windows\
                             currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4

Edited by Daisuke, 13 September 2006 - 21:51.


#165
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions

Adobe Security Bulletin: http://www.adobe.com.../apsb06-11.html

Se recomanda update la versiunea: 9.0.16.0.

Highly critical (Secunia)

Edited by Daisuke, 13 September 2006 - 22:12.


#166
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Si Apple ...

Apple QuickTime Multiple Vulnerabilities

Highly critical (Secunia)

Se recomanda update la versiunea: 7.1.3

#167
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
0-day exploit: Microsoft Internet Explorer "daxctle.ocx" KeyFrame Memory Corruption Vulnerability

FrSirt: http://www.frsirt.co...ories/2006/3593
FrSirt: Critical Risk (4/4) (Remotely exploitable flaws, which could lead to system compromise, without user interaction).

Exploitul a fost publicat si FrSirt a reusit sa exploateze cu succes vulnerabilitatea pe un sistem cu Windows XP SP2 cu patchurile la zi.

Recomandari: dezactivati Active Scripting in Internet Explorer (Internet Zone si Local intranet)

How to Disable Active Content in Internet Explorer


In plus pregatiti-va pentru security update la Mozilla Firefox si Thunderbird. In curand va apare versiunea 1.5.0.7.

Edited by Daisuke, 14 September 2006 - 23:25.


#168
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Mozilla Firefox & Thunderbird Security Update

Fixed in Firefox 1.5.0.7

Fixed in Thunderbird 1.5.0.7

#169
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Inca un exploit 0-day (MS Internet Explorer)

Sunbelt: Seen in the wild: Zero Day exploit being used to infect PCs

Detalii (FrSirt): Microsoft Internet Explorer Vector Markup Language Code Execution Vulnerability

Recomandari: disable active scripting (vezi mai sus) si folositi alt browser pana la aparitia unui patch.

[Update]
Pentru aceasta vulnerabilitate exista un workaround:

Microsoft Security Advisory (925568): Vulnerability in Vector Markup Language Could Allow Remote Code Execution
[\Update]

Edited by Daisuke, 19 September 2006 - 23:54.


#170
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Si inca un exploit 0-day pentru PowerPoint

Trojan.PPDropper.E

Symantec said:

Trojan.PPDropper.E is a Trojan horse that exploits an undocumented Microsoft PowerPoint Remote Code Execution Vulnerability and drops another threat onto the compromised computer.

Recomandari: nu deschideti documente / fisiere fara sa le scanati.

[Update]
Produse afectate:
Microsoft Office 2000
Microsoft PowerPoint 2000
[\Update]

Edited by Daisuke, 20 September 2006 - 07:18.


#171
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Proof of Concept pentru vulnerabilitati in documentul PDF

Hacker Discovers Adobe PDF Back Doors

PDF vulnerabilities

#172
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
2 vulnerabilitati in MSIE

Una este deja exploatata "daxctle.ocx" KeyFrame Memory Corruption Vulnerability - vezi mai sus

Pentru a doua exploitul este disponibil. Microsoft Windows WebViewFolderIcon ActiveX integer overflow

Recomandare: Securing Your Web Browser

Pentru vulnerabilitatea VML exista un patch: http://forum.softped...m...t&p=1915886


O noua vulnerabilitate in PowerPoint

Vulnerability in PowerPoint Could Allow Remote Code Execution

Produse afectate: Office 2000, Office XP, Office 2003

Edited by Daisuke, 28 September 2006 - 07:36.


#173
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
WebViewFolderIcon setSlice exploit in the wild

Vulnerability in Windows Shell Could Allow Remote Code Execution

WebViewFolderIcon setSlice exploit in the wild - follow up

WebViewFolderIcon ActiveX control exploit(s) in the wild

Solutie pana la aparitia unui patch: Setslice Killbit Apps

Folositi WEBVW.DLL_KillBit.exe pentru a instala un "killbit".

#174
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Vulnerabilitate zero-day si in Firefox ?

News.com: Hackers claim zero-day flaw in Firefox

SecurityFocus: Mozilla Firefox Unspecified Javascript Remote Code Execution Vulnerability

Nu exista informatii pana in acest moment ca ar fi exploatata vulnerabilitatea "in the wild".

Edited by Daisuke, 01 October 2006 - 20:36.


#175
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Update: Vulnerabilitate zero-day si in Firefox ?

Se pare ca a fost o "gluma". Mozilla a reusit sa obtina doar un DoS (denial of service), nu "code execution".
Possible Vulnerability Reported at Toorcon

Cu toate astea echipa de la Mozilla continua sa investigheze.
Update: Possible Vulnerability Reported at Toorcon

#176
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
De azi MS nu mai ofera suport pentru SP1 si SP1a

Asta inseamna ca de azi nu vor exista patch-uri pentru SP1 / SP1a.

Windows XP SP1 and SP1a support ends on October 10, 2006

Suportul pentru W98 si Me a incetat in iulie 2006.
End of support for Windows 98, Windows Me, and Windows XP Service Pack 1

Edited by Daisuke, 10 October 2006 - 21:22.


#177
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Microsoft Security Updates

October 2006 Bulletin Release

Microsoft patch tuesday - October 2006 STATUS

Patch-urile pot fi downlodate manual deocamdata. MS are "some network issues experienced on the Microsoft Update platform" si instalarea automata va intarzia pana la rezolvarea problemelor.

Microsoft Security Response Center Blog said:

Due to some network issues experienced on the Microsoft Update platform, the October security updates released today are not yet currently available via:

    * Microsoft Update
    * Automatic Updates
    * Windows Server Update Services (WSUS)
    * Windows Update v6  

To be clear, it’s a delay due to the networking for these systems: there are no issues with the security updates themselves.

Edited by Daisuke, 10 October 2006 - 21:23.


#178
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
O noua vulnerabilitate 0-day in Power Point

Proof of Concept este disponibil.

Microsoft PowerPoint Unspecified Remote Unspecified Code Execution Vulnerability

Microsoft Security Response Center Blog: PoC published for MS Office 2003 PowerPoint


Internet Explorer 7
MSIE 7 va fi lansat pe 24 octombrie si va fi disponibil via Microsoft Update.

MSIE 7 va putea fi instalat de utilizatori ai Windows XP SP2, Windows XP 64-bit Edition si Windows Server 2003 SP1.

Automatic Delivery of Internet Explorer 7

Pana atunci puteti incerca MSIE7 Release Candidate 1: http://www.microsoft...ie/default.mspx

Edited by Daisuke, 13 October 2006 - 20:11.


#179
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Internet Explorer 7

Download: Internet Explorer 7 FINAL 7.0.5730.11

Microsoft download: Introducing Internet Explorer 7

Internet Explorer Developer Center

Exploring Internet Explorer

Alte articole:

Getting back to basics: Stuff you wanted to know about Internet Explorer but were too shy to ask

Phishers begone

Drive-by downloads: Stealthy downloads and Internet Explorer's new defense against them

#180
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Si ... prima vulnerabilitate in Internet Explorer 7 ?

Secunia publica informatii despre o vulnerabilitate in MSIE 7
Internet Explorer 7 "mhtml:" Redirection Information Disclosure

Pe alt site (bink.nu) citesc ca ar fi vorba de o vulnerabilitate in Outlook Express.
Nu stiu daca e vorba de aceiasi problema.

Anyway, Secunia ofera si un test: http://secunia.com/advisories/19738/ care spune ca MSIE 7 e vulnerabil.


Vulnerabilitate in Adobe Flash Player

Adobe Security Advisory: HTTP header injection vulnerabilities in Adobe Flash Player

Rapid7 Advisory R7-0026

Produse afectate: Adobe Flash Player 9.x, 8.x, si 7.x.

Edited by Daisuke, 19 October 2006 - 21:25.


Anunturi

Bun venit pe Forumul Softpedia!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate