Showing posts with label BLACK HAT. Show all posts
Showing posts with label BLACK HAT. Show all posts

Wednesday, July 29, 2009

Microsoft rushes patches to fix 'big deal' programming flaw

Developers who used the buggy code 'library' must redo software, update customers

By Gregg Keizer, ComputerWorld
As promised, Microsoft Corp. today patched six vulnerabilities in Internet Explorer and Visual Studio with the first "out-of-cycle" update since last October, when it plugged a hole that the Conficker worm later used to run rampant.

Microsoft has been working on the Visual Studio bugs, and coordinating with third-party developers who may have crafted vulnerable software using Visual Studio, since early 2008.

As some had speculated, Microsoft rushed the patches to users this week to preempt a presentation slated for tomorrow at Black Hat by several security researchers. The researchers plan to demonstrate a way for attackers to bypass the "kill-bit" defenses that Microsoft frequently deploys as a stop-gap measure for fixing bugs.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.
Posted by at 2 comments:
Labels: , , , , , , ,

Tuesday, July 28, 2009

Microsoft rushes clutch patch for 'deep' bug in Windows, third-party apps

Researchers say move may be tied to this week's Black Hat security conference

By Gregg Keizer, ComputerWorld
The emergency patches Microsoft plans to rush out this week will fix a flaw that runs through several critical components of Windows and an unknown number of third-party applications, according to a pair of security researchers.

On Tuesday, Microsoft will slap a permanent patch on a video streaming ActiveX control used by Internet Explorer (IE), addressing a vulnerability that it has known about, but not fixed, for more than a year. Two weeks ago, Microsoft issued a "kill bit" update that, rather than address the underlying problem, disabled the ActiveX control to stymie attacks that were already in progress. It's also slated a fix for Visual Studio, Microsoft's popular development platform.

Although Microsoft has not spelled out exactly what it will patch with the two "out-of-band" updates -- the term for security updates released outside the company's once-a-month schedule -- earlier this month researchers pointed fingers at the Active Template Library (ATL), a code "library" used not only by Microsoft's own developers, but also by third-party software programmers to access some features within Windows.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.
Posted by at No comments:
Labels: , , , , , , , , , , ,
Subscribe to: Posts (Atom)