Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2954
Total: 2957









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 21. January 2010., 20:44:14 »



Microsoft today released a rare patch outside of its normal monthly update cycle to fix an under-attack zero-day security hole in Internet Explorer.

The high-profile attacks against Google, Adobe and other companies took advantage of the invalid pointer reference flaw, which could allow an attack to be launched from a malicious Web site. According to Redmond's security advisory, "compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability": http://www.microsoft.com/technet/security/advisory/979352.mspx

The cumulative MS10-002 update also fixes other IE holes aside from that used in the Google attack, and is rated critical for all supported releases of Internet Explorer: http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx
The update will be distributed automaticaly via Windows Update.

While MS10-002 is essential across-the-board, only IE 6 has so far suffered attacks against the invalid pointer reference flaw. Microsoft says that protections such as Data Execution Protection for IE 8 and Protected Mode for IE on Vista and later Windows versions mitigate the threat. Also, "all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, removing the risk of an attacker being able to use this vulnerability to execute malicious code," according to the advisory.

These attention-grabbing attacks make clear that nobody should be using the badly vulnerable IE 6. If you're stuck using it at work because of an old, custom-made internal Web site or application, then your best bet may be to only use IE for that page or site, and use another browser such as Firefox for your everyday browsing.

(PCW)

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023