Extremely critical Windows flaw code appears


	September 24, 2008 New version of PC Activity Monitor Pro (PC Acme Pro) added! more


	October 10, 2008 Parity provides free online identity management more High-tech bank robbers phone it in more Spread security risks with diversity more Corporate data loss not down to hackers more First quantum encrypted network goes live more Apple Posts Security Update 2008-007 more NT hacker blames 'segregation' more ASIC counter-spy to be a tough search more Scotland tightens security for mobile health-data more Home Office publishes data-sharing guidance more EDS loses unencrypted armed-forces data more Data-center security tools to not overlook more Microsoft promises huge patch day next week more Firefox add-on blocks 'clickjacking' attacks more

E-mail:

E-mail:

DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

November 23, 2005

Extremely critical Windows flaw code appears

A U.K. security researcher has released exploit code for a bug in Internet Explorer that could allow a remote attacker to take over Windows systems -- even Windows XP with Service Pack 2 installed, according to security experts.

The proof-of-concept code was developed by ComputerTerrorism, and takes advantage of an unpatched Explorer (versions 5.5 and 6.x are affected) bug previously thought to be relatively harmless. "Contrary to popular belief, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user," ComputerTerrorism said in an advisory.

Until now the bug was thought to allow attackers only to crash a target system. The bug could be exploited by luring a user to a malicious website, or by embedding malicious code in a trusted site. Because Microsoft hasn’t yet patched the flaw, the only reliable protection for Explorer users is to disable Active Scripting, said security researchers.

Microsoft said it is investigating the issue, and may issue a patch. It also criticized ComputerTerrorism’s disclosure of the bug, saying it may have made things worse.

Some Windows systems aren’t vulnerable to the attack, Microsoft said. "By default, Internet Explorer on Windows Server 2003, on Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability," the company said.

ComputerTerrorism said it has confirmed the bug on a fully patched system running Windows XP SP2 and Windows 2000 SP4.

Source: smallbusiness.itworld

	All news for October 10, 2008:
	13:57	Parity provides free online identity management
	13:56	High-tech bank robbers phone it in
	13:56	Spread security risks with diversity
	13:54	Corporate data loss not down to hackers
	13:53	First quantum encrypted network goes live
	13:51	Apple Posts Security Update 2008-007
	13:50	NT hacker blames 'segregation'
	13:49	ASIC counter-spy to be a tough search
	13:48	Scotland tightens security for mobile health-data
	13:47	Home Office publishes data-sharing guidance
	13:47	EDS loses unencrypted armed-forces data
	13:45	Data-center security tools to not overlook
	13:44	Microsoft promises huge patch day next week
	13:43	Firefox add-on blocks 'clickjacking' attacks
	All news for October 09, 2008:
	13:44	Job losses on the way for IT security staff
	13:43	FSA threatens executives with fines
	13:39	Anatomy of a SQL Injection Attack
	13:37	Why Security Pros Hate SharePoint
	13:36	Remote Workers Care About IT Security -- Really
	13:35	US gov't report: Data mining is ineffective
	13:34	Shell warns employees of suspected data loss
	13:32	'Fast-flux' domains help botnets evade capture
	12:46	Mozilla locks in Firefox 3.1 feature list
	12:45	Colorado state Web site dishes out SSNs of CEOs, other top execs
	12:43	Kernell pleads innocent to Palin hack charge
	12:42	Symantec to buy e-mail security vendor MessageLabs
	12:41	Privacy groups praise bill curbing warrantless laptop searches
	12:40	Tenn. student indicted for hacking Palin's e-mail

All news for October, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!