Windows’ Gaping, Seven Month Hole

Quite a big hooha over this latest Microsoft vulnerability, and I readily ‘fess up to the fact that I didn’t really take this seriously. Seems like I wasn’t the only one. But folk like Shawna McAlearney of SearchSecurity.com points out that the delay of 200 days between Microsoft being notified and their coming out with …

Continue reading ‘Windows’ Gaping, Seven Month Hole’ »

News: Microsoft Realises Patches Don’t Work Shock

 From the About Time Dept comes news that Microsoft realises the whole ‘issue a patch to cover a hole, knowing only a few people actually download it’ approach may be, er, flawed. CNET reports that Microsoft plans next week to outline a new security effort focused on what the company calls “securing the perimeter”. Details …

Continue reading ‘News: Microsoft Realises Patches Don’t Work Shock’ »

News: Beware Of Patches That Don’t Patch

 From the This Doesn’t Inspire Confidence Dept comes news that a patch recently released by Microsoft to fix a critical security vulnerability in its Internet Explorer browser does not work, according to security experts. CNET says that the vulnerability was discovered by eEye Digital Security around four months ago. The vulnerability in question can be exploited by …

Continue reading ‘News: Beware Of Patches That Don’t Patch’ »

News: A Patch In Time Saves You Online

 This from the guys at Information Security Magazine, a warning about some new, and serious vulnerabilities in Microsoft software. The most critical vulnerability is titled ?Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution? (MS 03037). Microsoft provided few details about the actual vulnerability, but says the flaw is dangerous and users of …

Continue reading ‘News: A Patch In Time Saves You Online’ »

Update: Microsoft May Stop Footing Pussies

 Security Wire Digest, published by Information Security Magazine, reports that Microsoft may stop pussyfooting around on updates to its Windows operating system. In the wake of the worm that ripped through networks worldwide by exploiting a vulnerability for which a patch had been released more than three weeks before, the company is considering several plans …

Continue reading ‘Update: Microsoft May Stop Footing Pussies’ »

Update: Beware Worms Carrying Gifts

 You’re probably heard of the computer worm that is seemingly benign: W32.Welchia.Worm targets customers infected with the W32.Blaster.Worm, deletes it, attempts to download the patch from Microsoft’s Windows Update Web site to correct the hole that allowed the worm in the first place, installs the patch, and then reboots the computer. All very nice, on …

Continue reading ‘Update: Beware Worms Carrying Gifts’ »