vulnerability

Microsoft recent criticized Google for publicly disclosing a remote code execution vulnerability affecting Windows XP and Server 2003. The problem was first reported to Microsoft on June 5th, but most of the world knew about it only four days later. ... This did not sit well with Microsoft, as the company believes that they were ousted before any meaningful repairs could be made to combat the issue. Worse yet, the company believes that revealing the situation to the public could have put users in danger. Windows XP, 2003 Consumers At Risk In an emotionally-charged rebuttal, Microsoft spokesperson ... (view more)

Less than two weeks after Microsoft patched a significant zero-day flaw in its Internet Explorer web browser, it's come to light that a Java vulnerability in the software company's Windows operating system (OS) could compromise PCs if they visit a ... particular web page infected with malicious code. Thus far, two researchers working for different security companies have reported on the matter. Late last week, Tavis Ormandy, an engineer for Google, covered the issue in the Full Discloser email list while Ruben Satamarta, an engineer at Wintercore, discussed the issue on his company's web site. ... (view more)

A hole allowing hackers to take control of Microsoft Exchange was just one "critical" issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer ... browser, Office, and its SQL Server . Three of the eight vulnerabilities patched yesterday were marked "critical". The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be ... (view more)

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently. BeyondTrust Corp. (BTC), a ... software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk. The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could ... (view more)

A security loophole in the Mozilla Firefox web browser has been identified, which may make Google user accounts vulnerable to exploitation by potential hackers. Using cross-site scripting protocols, individuals may be able to access private ... information without the knowledge of their victims. This vulnerability was first brought to the attention of internet junkies by Petko D. Petkov, a.k.a 'pdp', founder of the GNUCITIZEN group. His investigation led to the discovery of the Firefox exploit, which is not currently detected in rival web browsers. (Source: gnucitizen.org ) The issue arises from ... (view more)

Those still loyal to America Online are aware that the service has had a topsy-turvy history. The once dominant dial-up choice of Americans has struggled as of late with vulnerabilities to its Instant Messenger application, holes that security ... experts have collectively referred to as a "major vulnerability". Last Wednesday, analysts at Core Security Technologies revealed that a bug could unleash a series of attacks on an AOL Instant Messenger user, with the most serious side effect being a remote hijack by a hacker. If said hacker were to worm his or her way into the system, Core Security ... (view more)

An exploit is a common term in the computer security community to refer to a piece of software that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system. There are several ... methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A 'remote exploit' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A 'local exploit' requires prior access to the vulnerable system and usually increases the privileges of the person ... (view more)

Woops! It looks like Microsoft has goofed again. If you haven't been watching the news lately (maybe you don't get CNN?) -- Microsoft has released a security bulletin ( Q320920 ) regarding a critical flaw in Windows Media Player which can allow an ... attacker to gain unrestricted access to your system. Who is affected? Anyone who is using Windows Media Player version 6.4, 7.1 or Windows Media Player for Windows XP (version 8) should download a software patch to their system immediately. Side note: A software patch is piece of software that fixes a program (which is also software). In this case, ... (view more)