Tag: Microsoft
-
New Microsoft IE flaw
Microsoft has issued a new security advisory ( 980099 ) to address a publicly disclosed vulnerability in Internet Explorer that may allow information disclosure for Windows XP users or for users who have disabled Internet Explorer Protected Mode. The advisory explains that content can be forced to render incorrectly from local files in such a…
-
IE in trouble again
Only a day after the last patch was released for IE that fixed problems relating to the Google ( and other ) attacks from December, a number of new vulnerabilities have been found in IE ( no version details yet ) which when combined, can lead to remote execution on a Windows PC. Core Security…
-
Widespread Attacks on IE bug start
The first widespread attack to leverage a recently patched flaw in Microsoft’s Internet Explorer browser has surfaced. Starting late Wednesday, researchers began spotting dozens of Web sites that contain the Internet Explorer attack, which works reliably on the IE 6 browser, running on Windows XP. The attack installs a Trojan horse program that is able…
-
17-year old security hole in all Windows versions
I sometimes feel as if I’m picking on Microsoft for its crappy security ( there’s always some new hole to talk about ) but then I sit back and realise that their products really do have poor security and I don’t need to feel ashamed for reporting on it. For example, a Google engineer recently…
-
Microsoft Internet Explorer security patches released
Microsoft on Thursday issued a cumulative critical patch for Internet Explorer that fixes eight vulnerabilities, including a hole targeted in the China-based attacks on Google and other U.S. companies. The security update is rated critical for all supported releases of IE 5, 6, 7, and 8, according to the advisory. The more severe vulnerabilities could…
-
‘Dump Internet Explorer’ says France
It seems it wasn’t only the Germans who thought it necessary to suggest the use of a browser alternative to IE – the French Certa agency ( which looks after cyber threats in France ) have now weighed in on the matter and suggested the same. And they’ve included all versions of IE in this…
-
Microsoft breaks Perl CPAN testers system
As if Microsoft hasn’t got it’s hands full enough with security breaches in it’s software aiding the Chinese in attacks on US companies, it has now been implicated in DoS attacks on the Perl CPAN testers’ system of sites, databases and mirrors. The problem appears to be that Microsoft’s bots do not adhere to the…
-
Google, China and security
A drama of world-wide proportions ( that wouldn’t out of place in a Hollywood blockbuster ) has been playing out over the last week concerning Google’s operations in China. It all started with denial of service attacks against Google’s Gmail service in late December last year ( and attacks against about about 30 other US…
-
Windows and on-line banking
The 2 concepts above should never be spoken ( let alone used ) together considering the poor security track record of all Windows operating systems but somehow people still ‘trust’ the venerable OS to do their daily banking, paying of accounts and transferring of monies. So the question is why? I can only think of…
-
The OOXML gravy train continues
It seems that the Microsoft-dominated SC34/WG4 committee responsible for maintaining the ISO/IEC 29500 standard ( Microsoft’s submitted document format standard ) is now making changes outside the scope of the mandated rules, in a possible attempt at bringing the standard more in line with MS Office 2007. There is a clear delineation in the rules…
-
Data loss for Sidekick users Part 3
Internetnews.com mentioned on the 16th October that the bulk of the data had been recovered: “Microsoft today reports it recovered the majority of lost customer data for Sidekick owners amid a flurry of lawsuits filed yesterday over the recent server failure caused a service outage and data loss.” This is not quite the truth: no…
-
Microsoft hijacks Firefox Part 2
So there was a call for Mozilla to blacklist the MS plugins. And that is exactly what they have done! The Microsoft .NET Framework Assistant and Windows Presentation Foundation were added, for reasons of their vulnerability to remote code execution. All versions for all applications have been blocked. Apparently the Framework Assistant has now been…
-
Microsoft hijacks Firefox
Microsoft was quite upset with Google recently with the latter’s attempt to install a plugin ( Google Frame ) for IE; it seems though that it’s fine for Microsoft to install a plugin for Firefox – and it’s come back to haunt them with a security hole in the plugin that they silently installed! Earlier…
-
Data loss for Sidekick users Part 2
So yesterday Microsoft/Danger indicated that they had managed to get back most of the users’ data that was ‘lost’ as part of a problem with their core database earlier this week. Unfortunately not many of their customers are amused and have started a host of legal challenges regarding the system failure. Most of this revolves…
-
Data loss for Sidekick users
It appears that Sidekick users in the USA, who stored their data/backups on-line though the Microsoft/Danger on-line cloud service, have lost access to all their data after a server failure: “Regrettably, based on Microsoft/Danger’s latest recovery assessment of their systems, we must now inform you that personal information stored on your device—such as contacts, calendar…