Feeds

Poison applet could wipe Windows PCs

A brace of MS alerts

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

A brace of Microsoft security vulns pose risks for both home users and corporates.

The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me.

Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert.

Well if that doesn't get consumers patching, what will?

The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.

Java applets are disabled within the Restricted Sites Zone, which reduces the risk if you're using a hardened version of Microsoft's email clients. That still leaves other infection routes for Windows users. No surprise then that Microsoft describes the flaw as critical.

An alert on the problem, which links to patches, can be found here.

Separately, Microsoft yesterday released patches designed to fix denial of service vulnerabilities involving Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000. Both issues are covered in the same alert.

The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA Server 2000 are subject to similar flaws, bot covered in the same alert. The upshot of both vulnerabilities is that internal ne'er do wells can send malformed packets that could cause servers to hang.

Patches, described by Microsoft as important, can be found be following links on the advisory here. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.