CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Microsoft Warns Customers About Exploits For New Flaws !   Logged in as: Guest
Viewers: 757 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Microsoft News >> Microsoft Warns Customers About Exploits For New Flaws ! Page: [1]
Message << Older Topic   Newer Topic >>
Microsoft Warns Customers About Exploits For New Flaws ! - 2/15/2005 6:45:18 PM   

Posts: 1011
Joined: 8/4/2003
From: Ontario - Canada
Status: offline
Microsoft Corp. is warning customers about computer code that exploits holes in the company's software and blamed security researchers for publishing proof-of-concept code to trigger the vulnerabilities, which was then turned into working attacks.

The company issued a statement late last week citing an increased risk to users of its Windows operating system, MSN Messenger instant messaging application and Office XP software suite. Microsoft singled out Finjan Software Inc. and Core Security Technologies for publishing code to test for the vulnerabilities shortly after software patches were released to plug the holes.

Finjan released code to test for a hole that its researchers discovered in Microsoft Office XP and that Microsoft fixed with a patch described in Security BulletinMS05-005. The San Jose-based maker of content management technology discovered and then publicized code to test for the vulnerability on the same day Microsoft released its bulletin, Microsoft said.

The buffer overflow in question affects a process that passes Web address information to Office XP applications and could be used by malicious hackers to hide attacks in HTML links embedded in e-mail messages or Web pages.

Microsoft also criticized Newton, Mass.-based Core Security Technologies for publishing a proof of concept for a hole in an MSN Messenger component called "libpng," which is used to display Portable Network Graphics (PNG) files. On Tuesday, Microsoft released a patch, MS05-009, that fixed several holes in libpng for the PNG hole, and it labeled the vulnerability "critical." An exploit based on that proof of concept was posted on the Internet shortly thereafter, Microsoft said.

The actions by Finjan and Core could allow malicious hackers to launch attacks on Microsoft customers who haven't had time to install patches for the affected software, said Stephen Toulouse, program manager at Microsoft's Security Response Center.

Source : IDG News Service
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Microsoft News >> Microsoft Warns Customers About Exploits For New Flaws ! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI