consistent exploit code

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Microsoft: ‘Consistent exploit code likely’ for IE vulnerabilities

Microsoft: ‘Consistent exploit code likely’ for IE vulnerabilitiesIE8 and Windows 7 aren't mentioned[i]This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista.[/i]I notice there is no mention anywhere of IE8 and Windows 7. Does that mean they aren't affected or...

Tags: Web browsers, Patches, SECURITY, Mac System, Microsoft Corp., Consistent exploit code, exploit code, IE vulnerability, Microsoft Internet Explorer, vulnerability, patch management

Discussion threads 2009-02-10

Additional Resources

Microsoft: Exploits likely for 'critical' Windows vulnerabilities

Microsoft today dropped a mega patch bundle with fixes for several "critical" vulnerabilities affecting the Windows platform and warned that "consistent, reliable exploit code" was likely to be released within 30 days. The Redmond, Wash. software maker released nine bulletins -- five rated critical -- to provide...

Tags: Windows Vulnerability, Vulnerability, Microsoft Windows, Exploit Code, Microsoft Corp., Security, Ryan Naraine

Blog posts 2009-08-11

Sapphire 09 Live: Smart business plans, moral benchmarks

SAP is always a bit of a conundrum to me. They have extraordinarily talented people, an incredibly deep product portfolio that they are always extending, more often than not make good acquisitions that take some time but work out all in all, and seem to be actually dedicated to transforming...

Tags: Sustainability, SAP AG, Paul Greenberg

Blog posts 2009-05-13

Military beefs up cyberwar capabilities with games, Linux

Military beefs up cyberwar capabilities with games, LinuxSo it'll just be your businesses that remain in the dark ageswith Windows "technologies" then.At least the military is waking up a little bit.It is a no brainer for the Military to use Linux. It did NOT take them longto figure out that...

Tags: Operating systems, UNIX, OPEN SOURCE, open-source OS, Microsoft Windows, Linux, operating system, game

Discussion threads 2009-05-11

Microsoft fixes critical Windows kernel, WINS flaws

Microsoft today shipped three security bulletins with fixes for at least 8 documented vulnerabilities affecting millions of Windows OS users. The most serious of this month's patch batch is rated "critical" and could allow full remote execution attacks if a Windows user is simply lured into viewing...

Tags: Flaw, Vulnerability, WINS, Microsoft Corp., Kernel, Bulletin, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

Blog posts 2009-03-10

Should Microsoft decouple IE from Patch Tuesday?

A security researcher wants Microsoft to follow the lead of other browser makers and start fixing Internet Explorer security problems outside of the Patch Tuesday cycle to help contain the Windows malware epidemic. [ Microsoft: ‘Consistent exploit code likely’ for IE vulnerabilities ] According...

Tags: Patch Management, Microsoft Internet Explorer, Microsoft Corp., Web Browser, Browser Patch, Web Browsers, Patches, Internet, Ryan Naraine

Blog posts 2009-02-12

Inside Microsoft's February patch batch

Guest post by Eric Schultze It's a seemingly light batch of patches this month, trailing an even lighter, single patch release in January.  Two critical items were released -- including patches for Internet Explorer 7 and Microsoft Exchange Server.  Additionally, two "important" items...

Tags: Microsoft Visio, Attacker, Microsoft SQL Server, Microsoft Exchange Server, Microsoft Internet Explorer 7, Patch Management, Microsoft Corp., MS09-002, MS09-003, MS09-004, MS09-005, Patches, Servers, Security, Databases, Hardware, Enterprise Software, Software, Data Management, Ryan Naraine

Blog posts 2009-02-11

News to know: More Kindle, Intel, IT Talent, Google energy

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily .  For continuous updates see BNET’s around-the-Web tech coverage Christopher Dawson: Kindle 2.0: Give me a Classmate instead Adrian Kingsley-Hughes: Kindle 2 - It is what it...

Tags: Google Inc., Larry Dignan, Dana Blankenhorn, Microsoft Corp., Sam Diaz, Intel Corp., Tablets, Notebooks, Smart Phones, Security, Hardware, Notebooks & Tablets, Consumer Electronics, Personal Technology

Blog posts 2009-02-11

Microsoft: 'Consistent exploit code likely' for IE vulnerabilities

Microsoft today shipped four bulletins with patches for at least 8 documented security vulnerabilities affecting Windows users and warned that "consistent exploit code could be easily crafted" to launch attacks via the Internet Explorer browser. The Patch Tuesday batch includes fixes for a pair of code execution...

Tags: Vulnerability, Microsoft Exchange Server, Server, Exploit Code, Microsoft Internet Explorer, Microsoft Corp., E-mail Servers, Groupware, Web Browsers, Security, Enterprise Software, Software, Internet, Ryan Naraine

Blog posts 2009-02-10

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?Sour over mis-predicting the patches this month?First off, does anyone proof-read these posts? Multiple typos/grammatical errors make it look like this was rushed out... Anyway.Mentioning the token-kidnapping issue makes me wonder if Ryan is sour that his patch prediction (on...

Tags: SECURITY, Patches, Viruses and worms, anti-MS people, NTLMv2, Admin Access, Microsoft Corp., vulnerability, SMBRelay, SMBRelay attack flaw, Ryan, attack flaw

Discussion threads 2008-11-12

OpenOffice 3 launch timed perfectly but will Sun, IBM exploit opportunity?

OpenOffice 3 launch timed perfectly but will Sun, IBM exploit opportunity?I don't think that Microsoft products cost anything to companies marginallyI believe my company has agreement with Microsoft where we pay them a fixed fee, and we get to use Microsoft software all we want. This would include Office. Therefore...

Tags: OPEN SOURCE, OpenOffice, OpenOffice 3, Microsoft Corp., Microsoft Office, Sun Microsystems Inc., IBM Corp., software

Discussion threads 2008-10-13

What's wrong with an exploit being sexy?

First off, let me start by saying _dietrich has been following our blog for quite some time and is a consistent poster, providing good advice on how to use Linux securely, sometimes as an alternative to Windows technologies.  I wouldn't have commented about this in a blog posting, except that...

Tags: Exploit, ActiveX, Flaw, Dietrich, openSUSE, Microsoft Windows, ActiveX/COM/COM+/DCOM, Operating Systems, Middleware, Software, Software Development, Software/Web Development, Enterprise Software, Nathan McFeters

Blog posts 2008-06-10

Taking ownership (pwnership) of content: Cross-site Scripting Google

My good friend Billy Rios pictured to the right published another interesting exploit recently.  It's a cross-site scripting exposure in spreadsheets.google.com, which is interesting because it's exploited by using the content-type returned by spreadsheets.google.com and a caching flaw on the part of Google.  Here's some details from Billy's blog: I was...

Tags: Security, Google Inc., HTML, XSS, Domain, Billy Rios, Rios, Nathan McFeters

Blog posts 2008-04-16

Black Hat, Day 2: DTrace, (un)Smashing the Stack, Cisco IOS Forensics

Day 2 is done and Black Hat is wrapped up. The second day of talks was power-packed with some really great presentations. Despite a wicked night of celebration after my successful talk, I still managed to turn up on time for the "DTRACE: The Reverse Engineer's...

Tags: Black Hat, Cisco IOS, Researcher, Speaker, Cisco Systems Inc., DTrace, Day 2, FX, Nate McFeters

Blog posts 2008-02-21

Fortify calls Apache tools insecure

Fortify calls Apache tools insecureIt's true, but not Apache centricI have yet to compile anything that does not have external dependencies. Be it from a local CMS, a remote internal to the company CMS, etc. There is as much likliehood of an insider planting the trojanware as...

Tags: PRODUCTIVITY, Apache Software Foundation, open source, Apache Tools, Palamida, security, tool

Discussion threads 2007-10-11

Red Hat beta release of Developer Studio sports Exadel tools, Seam integration

Red Hat today released the beta version of its Developer Studio, an Eclipse-based integrated development environment IDE designed to help developers, as companies migrate to and exploit open source runtimes, frameworks and stacks. The beta releases sees the merger of products that were contributed to Red Hat by Exadel in...

Tags: AJAX, Red Hat Inc., Open Source, Environment, Runtime, Eclipse, Tool, JBoss, Development Environment, Integration, Dana Gardner

Blog posts 2007-08-20

Mashups: The next major new software development model?

At last weeks Mashup Ecosystem Summit held in San Francisco and sponsored by IBM with an invited assemblage of leading players in this space, I gave an opening talk about the current challenges and opportunities of mashups. And there I posed the title of this post as a statement...

Tags: Gadgets, Enterprise Wikis, Enterprise Web 2.0, Enterprise Mashups, Enterprise 2.0, Collaboration, Business Process Management, Business Models, Blogs, Badges, Ajax, Global SOA, Lightweight Service Models, Mashups, Open APIs, Products, Rich Internet Applications (RIA), RSS, SaaS, Small Pieces, Loosely Joined, SOA, Social Software, Tolerance Continuum, Web 2.0, Web as Platform, Web services, Web-Oriented Architecture (WOA), Widgets, Wikis

Blog posts 2007-05-14

Microsoft to ship critical Windows, Office patches

Microsoft to ship critical Windows, Office patchesTime to waitWhy on earth does MS feel they have to stick to a constant timeline for updates. If the update is ready to go out now, then give us the damn thing so we can patch our stuff. Instead we have to wait...

Tags: Patches, information technology, Microsoft Windows, Microsoft Corp., patch management, operating system

Discussion threads 2007-05-03

Microsoft pulls four planned patches

Microsoft pulls four planned patchesMicrosoft pulls four planned patchesIf Microsoft is pulling some of these patches then there is a good reason they are doing it. More than likely wanting to do one more check on the quality assurance of the patch. If they need to pull it...

Tags: Patches, Linux, Microsoft Windows, Windows Botnets, Microsoft Corp., patch management, MSFT, security

Discussion threads 2007-01-05

Attack code published for third Word flaw

Attack code published for third Word flawAttack code published for third Word flawWhat a very irresponsible move by that analyst. Publishing the code does no one any favors. He should have went through the proper channels and informed Microsoft of any potential vulnerabilities first. Microsoft could then...

Tags: Word processors, Microsoft Office, SECURITY, Microsoft Corp., third Word flaw, Word flaw, Microsoft Word, flaw, Microsoft Office 2007

Discussion threads 2006-12-14