Third-party security researchers reported that they found a vulnerability in both Windows 7 and Windows Server 2008 Release 2. The said bug exists in the handling of Server Message Block (SMB) packets and can allow malicious users to remotely crash systems if a malformed packet is received by the target system. The crash does not lead to the infamous blue screen of death, however. It merely renders the system unresponsive. Older versions of Windows (e.g., Windows Vista) are not affected by ...

Microsoft released six security bulletins to fix 15 vulnerabilities in this month’s Patch Tuesday. Three of these security advisories (MSO9-063, MS09-064, MS09-65) are considered “critical” while the other three have been dubbed “important.” MS09-067 deals with eight security holes plaguing Microsoft Excel that when successfully exploited can allow remote code execution when users open a specially crafted .XLS file. Users are thus strongly advised to update their systems as soon as possible, as these vulnerabilities (especially those rated “critical”) can be used by cybercriminals to execute worms and ...

Worm Exploits MS08-067 Bug DOWNAD, also known as the Conficker worm, was first seen in the wild taking advantage of the MS08-067 vulnerability. True to form, it propagated via shared networks. Like its predecesors—the Sasser and Nimda worms—it also raised security concerns with regard to a spike in port 445 activity. A few days after its appearance, reports suggested that the threat had spread. More than 500,000 unique hosts spread across networks in the United States, China, India, the Middle East, Europe, and ...

The month of October in the threat landscape is often associated with scary social engineering tactics in time for Halloween. As in years past, the threats that lurk in and plague the current threat landscape are real. Most of them can cause irreparable damage, often resulting in information, or worse, identity theft as shown in the following blog entries: Weather Report for Halloween: High Chances of a Storm “Halloween Costumes” Bring More Fright Than Expected But just how scary is the Web 2.0 ...

The solution for the vulnerability that was left unpatched during last month's patch cycle was included in the recently released security advisory, along with a dozen other vulnerability reports. Of the 13 security vulnerabilities fixed today, 8 vulnerabilities were marked "critical" while the other 5 were marked "important." This month's release covered a wide range of vulnerabilities, each of which affects long lists of software. Listed among the software affected in several of the released security update is the very much ...