Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

Linux Kernel 4.4.22 LTS Brings ARM and EXT4 Improvements, Updated Drivers

Immediately after announcing the release of Linux kernel 4.7.5, renowned kernel developer and maintainer Greg Kroah-Hartman informed the community about the availability of Linux kernel 4.4.22 LTS Read more

Tor Project Releases Tor (The Onion Router) 0.2.8.8 with Important Bug Fixes

The Tor Project announced recently the release of yet another important maintenance update to the stable Tor 0.2.8.x series of the open-source and free software to protect your anonymity while surfing the Internet. Read more

SODIMM-style i.MX7 COM features dual GbE, WiFi/BT, eMMC

Variscite’s Linux-driven “VAR-SOM-MX7” COM is shipping with an i.MX7 Dual SoC, WiFi and BLE, dual GbE, and optional eMMC and extended temp. support. Variscite’s VAR-SOM-MX7 follows many other Linux-ready computer-on-modules based on NXP’s i.MX7 SoC, which combines one or two power-stingy, 1GHz Cortex-A7 cores with a 200MHz Cortex-M4 MCU for real-time processing. While most of these offer a choice of a Solo or Dual model, and the NXP/Element14 WaRP7 offers only the Solo, the SODIMM-style VAR-SOM-MX7 taps the dual-core Dual. Unlike most of these modules, but like the WaRP7 and the CompuLab CL-SOM-iMX7, Variscite’s entry offers onboard WiFi and Bluetooth, in this case Bluetooth 4.1 with BLE. Read more

Security News

  • Security advisories for Monday
  • OpenSSL security advisory for September 26
    This OpenSSL security advisory is notable in that it's the second one in four days; sites that updated after the first one may need to do so again.
  • Who left all this fire everywhere?
    If you're paying attention, you saw the news about Yahoo's breach. Five hundred million accounts. That's a whole lot of data if you think about it. But here's the thing. If you're a security person, are you surprised by this? If you are, you've not been paying attention.