Language Selection

English French German Italian Portuguese Spanish

More problems for Windows, Internet Explorer users

Filed under
Security

Exploit code targeting a security hole Microsoft warned of in last week's patch release is in the wild, the Bethesda, Md.-based SANS Internet Storm Center (ISC) said Friday.

"We've received reports that the color management module ICC profile buffer overflow vulnerability has exploit code available and is being used out in the wild," ISC said on its Web site. "[To] mitigate this vulnerability, apply the appropriate patch. It appears that this version of the exploit code will only crash the browser, but it wouldn't be difficult to put in code for execution."

The French Security Incident Response Team (FrSIRT) has also put out an advisory on the exploit code.

Microsoft issued a bulletin for the vulnerability during its July patch release. The software giant said the problem is in how the color management module validates International Color Consortium [ICC] profile format tags. "Attackers could exploit this by constructing a malicious image file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

The flaw affects Windows 2000 SP4, Windows XP SP1 and SP2; Windows XP Professional x64 Edition; Windows Server 2003; Windows Server 2003 SP1; Windows Server 2003 for itanium-based systems; Windows Server 2003 with SP1 for itanium-based systems; Windows Server 2003 x64 Edition; Windows 98; Windows 98 Second Edition [SE] and Millennium Edition [ME].

Source.

More in Tux Machines

blackPanther OS 14.1 (Walking Dead) Unleashed Worldwide, Download Now - Video

The development team behind a very old GNU/Linux operating system, blackPanther OS, had the great pleasure of announcing the immediate availability for download of version 14.1 of their 13-year old distribution, dubbed Walking Dead. Read more

Benchmarking Debian GNU/Hurd 2015 vs. GNU/Linux

After a reminder this week from a Phoronix Premium member about some fresh Debian GNU/Hurd benchmarks, here are some fresh results comparing this version of Debian with the Hurd kernel instead of the Linux kernel. The results for this comparison are done against Debian GNU/Linux Wheezy. For those unfamiliar, Debian GNU/Hurd is the GNU user-land but running atop Hurd -- similar to Debian GNU/kFreeBSD being powered by the FreeBSD kernel. On the topic of Debian GNU/kFreeBSD, I'll probably run a fresh kFreeBSD vs. Linux comparison again soon. Read more

Andalusia revamps its free software desktop

The government of Spain’s Andalusia has revamped its free and open source desktop, aimed to become the region’s standard configuration for workstations and laptops. The overhaul focussed on IT management, system integration, support and system scalability. The new standard corporate desktop, GECOS - Guadalinex Escritorio COrporativo eStandar, is designed to handle tens of thousands of workstations. Read more

Canonical Releases New Linux Kernel Update for Ubuntu 14.04 LTS (Trusty Tahr)

We reported a few days ago, on July 28, 2015, that Canonical released a kernel update for its long-term supported Ubuntu 14.04 LTS (Trusty Tahr) operating system, patching four kernel vulnerabilities. Read more