Posts Tagged ‘Microsoft’

Vulnerability

Vulnerabilities in Microsoft Internet Explorer

Vulnerability: Multiple vulnerabilities in Microsoft Internet Explorer

1. System compromise in Microsoft Internet Explorer

Danger: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-4787
Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft Internet Explorer 9.x, Microsoft Internet Explorer 10.x

Affected versions: Internet Explorer 9.x, Internet Explorer 10.x

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a reference-counting error when processing an incorrectly initialized or deleted object. It allows a remote user to execute arbitrary code on the target system. (more…)

Additional protection is designed to prevent phishing attacks against users of the service.

According to Microsoft developers, outlook.com now supports the DMARC standard (Domain-based Message Authentication, Reporting & Conformance), a technology that improves the security of e-mail authentication protocols.

DMARC support is currently implemented by such popular services as Facebook, PayPal and LinkedIn. The aim of implementing the standard on these services is to improve the protection of users from phishing and spam.

“Our implementation of DMARC helps protect you by visually highlighting messages from legitimate sources,” the experts explain. “If the sender supports DMARC, we will place the radio button next to the message that indicates the security of the letter.” (more…)

E-mail services vulnerable

Google, Microsoft, Yahoo!, PayPal and eBay recently closed a gap in the cryptographic system of their e-mail services that allowed hackers to forge a digital signature and send messages purportedly from employees of these companies.

The vulnerability exists in DomainKeys Identified Mail (DKIM), a system used by e-mail providers to add a cryptographic signature to messages. This signature confirms the domain name of the sender, which simplifies the filtering of malicious messages.

The DKIM implementation issue was that a signature made with a key shorter than 1024 bits can be forged given sufficient computing power. US-CERT confirmed in its notice that keys shorter than 1024 bits do not provide a sufficient level of security, and that all keys up to RSA-768 can be forged. (more…)

Vulnerability: Elevation in Microsoft Windows

Danger: Low
Patch: None
Number of vulnerabilities: 1

Impact: Privilege escalation
CWE ID: CWE-119: Buffer errors

Affected Products: Microsoft Windows 7

Affected versions: Microsoft Windows 7 (more…)

The Nitol botnet is distributed with a downloadable file that contains a DLL module.

Microsoft has analyzed the source code of the Nitol botnet, whose operation was recently stopped in “Operation b70”. Recall that during the operation, employees uncovered a scheme in which attackers spread the virus at the stage of computer production, and some buyers in China purchased equipment with the botnet client pre-installed.

Expert analysis indicated that the Nitol family of viruses is probably part of the general class of DDoS tools. Many variants of this virus contain elements copied from other malicious programs used to organize distributed denial-of-service attacks.

Most of the Nitol modifications detected in the study have two main components: an executable loader and a library component. When run on a system, the loader installs the DLL, in most cases extracting it from its own resources, and registers it as a service or driver. Some library modules run immediately after installation, when the executable calls the main function of the DLL, and some run only after a reboot. (more…)

Microsoft Corporation is the largest multinational company producing software for all kinds of computers: personal computers, game consoles, PDAs, mobile phones. The company was founded by Bill Gates and Paul Allen on April 4, 1975.

The most popular Microsoft products are the Windows operating systems and the Microsoft Office family of document software. Microsoft software includes complex server solutions, development tools, online programs and the Xbox console, business applications, corporate IT infrastructure management tools and tools for the Internet. In addition, Microsoft offers interactive online services, publishes books on computer topics, manufactures peripherals for computers, etc. (more…)

Vulnerability: XSS in Microsoft products

Danger: Low
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-2520
Impact: Cross Site Scripting
Vulnerable products: Microsoft Office InfoPath 2007, Microsoft InfoPath 2010, Microsoft Office Communicator 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendant, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft Windows SharePoint Services 3.x, Microsoft SharePoint Foundation 2010, Microsoft Office Web Apps 2010. (more…)

Vulnerability: System compromise in Microsoft Word

Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-2528
Impact: System Compromise
Affected Products: Microsoft Word 2003, Office Word 2007, Word 2010, Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office Web Apps, Office 2003 Standard Edition, Office 2003 Student and Teacher Edition, Office 2007, Office 2010 (more…)

Vulnerability: System compromise in Microsoft Word

Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-0182
Impact: System Compromise
Affected Products: Microsoft Office Word 2007
Microsoft Office 2007

Affected versions: Microsoft Word 2007 (more…)

Vulnerability: System compromise in Microsoft Internet Explorer

Danger: High
Patch: Yes
Number of vulnerabilities: 1
Impact: System Compromise
Affected Products:
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Affected versions: Microsoft Internet Explorer 8.x, 9.x (more…)