Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

The 2016 Open Source Jobs Report

Red Hat News

  • Want to work in Release Engineering in Europe?
    Red Hat Release Engineering is hiring in Europe.
  • Red Hat targets midmarket with Keating, Tech Data partnerships
    Red Hat Canada has unveiled a new approach to reach the lower end of the enterprise and the upper midmarket in partnership with Keating Technologies and Tech Data Canada. Under the program, Keating will work with the vendor to uncover and qualify leads in the $500 million to $1.0 billion market. Once fully developed, those leads will be handed over to existing Red Hat Canada partners to close the deal, and will be fulfilled through Tech Data.
  • Gulf Air creates private cloud to support open-source big data engine
    Bahrain’s national carrier is using Red Hat Enterprise Linux, Red Hat JBoss Enterprise Application Platform, and Red Hat Storage as a platform for its Arabic Sentiment Analysis system, which monitors people’s comments through their social media posts.
  • Fedora Pune meetup April 2016
    I actually never even announced the April meetup, but we had in total 13 people showing up for the meet. We moved the meet to my office from our usual space as I wanted to use the white board. At beginning I showed some example code about how to write unittests, and how are we using Python3 unittests in our Fedora Cloud/Atomic images automatically. Anwesha arranged some soft drinks, and snacks for everyone.

Android Leftovers

“LEDE” OpenWrt fork promises greater openness

A “Linux Embedded Development Environment” (LEDE) fork of the lightweight, router-oriented OpenWrt Linux distribution vows greater transparency and inclusiveness. Some core developers of the OpenWrt community has forked off into a Linux Embedded Development Environment (LEDE) group. LEDE is billed as both a “reboot” and “spinoff” of the lightweight, router-focused distribution that aims to build an open source embedded Linux distro that “makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers.” Read more