Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

Hadoop and Spark

Openwashing

Leftovers: Software

  • Pitivi 0.96 — Cogito Ergo Proxy
  • Pitivi 0.96 Released With Proxy Editing Support
    In addition to proxy editing, Pitivi 0.96 also has timeline changes, transformation box, setting changes, user interface improvements, the start of allowing custom keyboard shortcuts, and support for Flatpak packages.
  • Calamares 2.3 Universal Linux OS Installer Released with Full-Disk Encryption
    Today, June 30, 2016, the Calamares team was proud to announce the final release and immediate availability for download of the Calamares 2.3 distribution-independent system installer. Calamares is currently being used in numerous popular operating systems, including, but not limited to, KaOS, Apricity OS, Chakra GNU/Linux, Netrunner, Sabayon, and OpenMandriva. It is the universal installer framework that many GNU/Linux distributions should adopt as it's now one of the most advanced system installers.
  • etcd3: A new etcd
    Over the past few months, CoreOS has been diligently finalizing the etcd3 API beta, testing the system and working with users to make etcd even better. Today etcd v3.0.0, the distributed key value store developed by CoreOS, is available. In practice, etcd3 is already integrated into a large-scale distributed system, Kubernetes, and we have implemented distributed coordination primitives including distributed locks, elections, and software transactional memory, to ensure the etcd3 API is flexible enough to support a variety of applications. Today we’re proud to announce that etcd3 is ready for general use.
  • Zend Framework 3 Released!
    After 17 months of effort, hundreds of releases, tens of thousands of commits by hundreds of contributors, and millions of installs, we're pleased to announce the immediate availability of Zend Framework 3.
  • ANNOUNCE: virt-viewer 4.0 release
  • Virt-Manager's Virrt-Viewer 4.0 Released

today's howtos