More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4; Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for Itanium-based systems; Windows Server 2003 with SP1 for Itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE]; and Millennium Edition [ME].
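The bulletin locates the problem in how ICC profile format tags are validated but gives no further detail, so the following is an added illustration, not Microsoft's code or a reconstruction of the flaw: the bounds checks a parser needs on an ICC tag table before it reads any tag data. The field layout follows the public ICC profile format; the function names, error codes and the 160-byte sample profile are hypothetical and constructed for this example.

```c
/* Added example: bounds checks on an ICC profile tag table (names are hypothetical). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
enum { ICC_OK = 0, ICC_TRUNCATED = -1, ICC_BAD_SIZE = -2, ICC_BAD_MAGIC = -3,
       ICC_BAD_TAG_COUNT = -4, ICC_BAD_TAG_RANGE = -5 };
#define ICC_HEADER_LEN 128u   /* fixed header; tag count follows at offset 128 */
#define ICC_TAG_ENTRY  12u    /* signature, offset, size: 4 bytes each */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Validate the header and every tag entry before any tag data is touched. */
int icc_validate(const uint8_t *buf, size_t len) {
    if (len < ICC_HEADER_LEN + 4) return ICC_TRUNCATED;
    uint32_t declared = be32(buf);                 /* profile size field */
    if (declared < ICC_HEADER_LEN + 4 || declared > len) return ICC_BAD_SIZE;
    if (memcmp(buf + 36, "acsp", 4) != 0) return ICC_BAD_MAGIC;

    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Divide instead of multiplying so a huge count cannot wrap. */
    if (count > (declared - ICC_HEADER_LEN - 4) / ICC_TAG_ENTRY) return ICC_BAD_TAG_COUNT;
    uint32_t data_start = ICC_HEADER_LEN + 4 + count * ICC_TAG_ENTRY;

    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_LEN + 4 + (size_t)i * ICC_TAG_ENTRY;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        /* Subtract rather than add: off + size could overflow 32 bits. */
        if (off < data_start || off > declared || size > declared - off)
            return ICC_BAD_TAG_RANGE;
    }
    return ICC_OK;
}

/* Constructed sample: 160-byte profile with one 'desc' tag; caller picks offset and size. */
size_t icc_make_sample(uint8_t *out, uint32_t tag_off, uint32_t tag_size) {
    memset(out, 0, 160);
    put_be32(out, 160);
    memcpy(out + 36, "acsp", 4);
    put_be32(out + 128, 1);
    memcpy(out + 132, "desc", 4);
    put_be32(out + 136, tag_off);
    put_be32(out + 140, tag_size);
    return 160;
}
```

A file that fails any of these checks should be rejected outright rather than partially parsed.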

Source.
