Sophos security news:
Social networking sites must improve their security.
More information at Sophos.com
-
Search
-
RSS Links
Categories
Archives
Monthly Archives: July 2009
Web 2.0 woe - Sophos threat report reveals cybercrime in first half of 2009
Posted in Sophos Security Leave a comment
MS09-033 - Important: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Bulletin Severity Rating: - This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new [...]
Posted in MS Security Leave a comment
MS09-032 - Critical: Cumulative Security Update of ActiveX Kill Bits (973346)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in [...]
Posted in MS Security Leave a comment
MS09-031 - Important: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with [...]
Posted in MS Security Leave a comment
MS09-030 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
Bulletin Severity Rating: - This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or [...]
Posted in MS Security Leave a comment
Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution - 7/23/2009
Revision Note: V1.2 (July 23, 2009): Added additional workarounds. Advisory Summary:Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, remote code execution is possible and may not require any user intervention.
Go [...]
Posted in MS Security Leave a comment
Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - 7/14/2009
Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-032 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-032. The vulnerability addressed [...]
Posted in MS Security Leave a comment
Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution - 7/14/2009
Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-028. The vulnerability addressed [...]
Posted in MS Security Leave a comment
Microsoft Security Advisory (969898): Update Rollup for ActiveX Kill Bits - 6/17/2009
Revision Note: V1.1 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits [...]
Posted in MS Security Leave a comment
