Alles over McAfee Quietly Fixes Software Flaw | rss feed | toevoegen | e-mail nieuwsalarm | Slashdot | 2006-07-15 08:51:02
Chris Reimer writes "The San Jose Mercury News is reporting that McAfee fixed a serious design flaw months ago in their enterprise product without notifying businesses and U.S. government agencies until today." From the article: "McAfee said its own engineers first discovered the flaw, which lets attackers seize control of computers to steal sensitive data, delete files or implant malicious programs. McAfee produced a software update in February but described it only as offering new feature enhancements. Many corporations and government agencies are reluctant to update software unless necessary because of fears that doing so might introduce new problems."
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/http%3A%2F%2Fit.slashdot.org%2Farticle.pl%3Fsid%3D06%2F07%2F14%2F1911259%26from%3Drss
Alles over Microsoft Security Advisory (906267): A COM Object (Msdds.dll) Could Cause Internet Explorer to Unex | rss feed | toevoegen | e-mail nieuwsalarm | Latest Security Advisories | 2006-06-28 19:20:42
Revision Note: Advisory updated to include additional mitigating factors. Msdds.dll file versions have also been revised: updated file version from 7.0.9446.0 to 7.0.9466.0 and added file version 7.0.9064.9143. Advisory Summary:Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports. The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. http://www.microsoft.com/technet/security/advisory/906267.mspx
