ms08-067

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

From Gimmiv to Conficker: The lucrative MS08-067 flaw

GENEVA -- The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cyber criminals. During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to...

Tags: Flaw, Malware, Conficker, MS08-067, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Ryan Naraine

Blog posts 2009-09-23

New worm exploiting MS08-067 flaw spotted in the wild

New worm exploiting MS08-067 flaw spotted in the wildExploit code in September??The patch was released out-of-band on October 23, and MS noted that there were limited, targeted attacks at that time. This one came out of the blue; I don't recall any exploit code showing up in September for...

Tags: Patches, SECURITY, MS08-067 flaw, MS08-067, New Worm, flaw

Discussion threads 2008-11-26

MS08-067 worms squirming in the wild

MS08-067 worms squirming in the wildI will not be directly affected.I use Linux. (This is a trap for the Windows fanboys to proclaim that Linux would be as vulnerable if it was as popular as Windows.)thanks sincerely, RyanThis time you were really clear that there was a fix, and...

Tags: Cyberthreats, Operating systems, LANs, Viruses and worms, UNIX, OPEN SOURCE, MS08-067 worm, MS08-067, worm, Linux, operating system

Discussion threads 2008-11-04

Additional Resources

Microsoft patches 31 Windows, IE, Office security holes

Microsoft's batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel). Five of the 10 bulletins are rated "critical," Microsoft's highest...

Tags: Microsoft Word, Microsoft Windows Server, Window, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2003, Microsoft Windows, Security, Microsoft Office, Operating Systems, Software, Office Suites, Ryan Naraine

Blog posts 2009-06-09

What is security transparency?

Guest editorial by Andrew Storms Transparency is a common theme in politics and Wall Street these days. The 2008 elections, dealings of TARP, financial institutions run a-muck are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak...

Tags: Information Security, Microsoft Corp., Transparency, Consumer, Security, Ryan Naraine

Blog posts 2009-03-05

Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts

Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accountsRe:using pirated windowsThere is no reason that pirated versions of windows should be more vulnerable than genuine ones, this statistic only shows the lack of knowledge and common sense that the people using pirated windows have, since they don't seem...

Tags: Least Privilege account, standard user, Least Privilege, UAC, critical Microsoft vulnerability, Microsoft Vulnerabilities, standard User Account, Microsoft Corp., Microsoft Windows

Discussion threads 2009-02-10

US-CERT warning: Windows does not disable AutoRun properly

The U.S. Computer Emergency Readiness Team (US-CERT) has issued a technical cyber-security alert to warn that Microsoft's guidelines for disabling AutoRun in the Windows operating system "are not fully effective" and argues that this "could be considered a vulnerability." The U.S. CERT warning comes...

Tags: Microsoft Corp., NoDriveTypeAutorun, Registry Value, Microsoft Windows, Operating Systems, Software, Ryan Naraine

Blog posts 2009-01-21

Firefox tops list of 12 most vulnerable apps

Firefox tops list of 12 most vulnerable appsVery odd...it sure looks suspicious to me.Curious Bill and the Monkeys...Curious, but a week after Microsoft puts out a "It's not our OS but the programs that it runs", this report comes out. Even more curious is that it lists none of...

Tags: Web browsers, SECURITY, Microsoft Internet Explorer, Mozilla Firefox, vulnerability, Microsoft Corp.

Discussion threads 2008-12-15

MS Patch Tuesday whopper: 28 vulnerabilities in Windows, IE, Office

Microsoft today dropped a monster Patch Tuesday release with fixes for at least 28 vulnerabilities affecting Windows, Office, Internet Explorer, Visual Basic Active Controls and Windows Media Player. Of the 28 flaws, 23 carry a "critical" rating, meaning they could be used to launch remote code execution...

Tags: Microsoft Office, Vulnerability, Microsoft Windows, Microsoft Internet Explorer, Microsoft Corp., Security, Ryan Naraine

Blog posts 2008-12-09

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

One of the code execution vulnerabilities fixed in this month's Microsoft Patch Tuesday release dates back to 2001 when it was first disclosed by Cult of the Dead Cow hacker Sir Dystic pictured left. If that wasn't cause for worry, get this:  An exploit for the bug...

Tags: Flaw, Issue, Microsoft Corp., Security Administration, Patches, Security, Ryan Naraine

Blog posts 2008-11-12

MS Patch Tuesday: Critical Windows, Office flaws fixed

MS Patch Tuesday: Critical Windows, Office flaws fixedSounds like they were pushedThe MS08-068 sounds like it had a temporary fix which may or may not work. Oh what fun I have trying to get these rolled out again.RE: MS Patch Tuesday: Critical Windows, Office flaws fixedI checked and the...

Tags: Patches, Microsoft Outlook, SECURITY, Microsoft Office, MS Patch Tuesday, MS patch, Critical Windows Office flaw, Critical Windows Office, Microsoft Corp., flaw

Discussion threads 2008-11-12

MS Patch Tuesday: Critical Windows, Office flaws fixed

Microsoft's scheduled batch of patches for November crossed the wires today with fixes for at least four documented vulnerabilities affecting millions of Windows and Office users. As previously reported, the company released two security bulletins -- one rated critical, one rated important -- with fixes for flaws...

Tags: Web, Attacker, Microsoft Office, Flaw, Vulnerability, Microsoft Windows, Microsoft Corp., Security, Ryan Naraine

Blog posts 2008-11-11

Using Skybox View to Quickly and Effectively Mitigate MS08-67

Automates the risk assessment process and prioritizes vulnerabilities by taking into account risk exposure, business logic, network and security controls configuration, threats, and vulnerabilities. It allows organizations to quickly and accurately identify the specific hosts that have the MS08-67 vulnerability accessible and exploitable despite the layers of defense, and find...

Tags: Skybox Security Inc., Vulnerability, Security

White papers 2008-10-01

Even Mac users have to patch

If you have a Macintosh you have likely received notice of the 10.5.5 update that arrived yesterday. The update includes multiple security fixes that should not be ignored, including vulnerabilities in common file parsers. Mac users and Windows users alike should patch their desktops as soon as possible...

Tags: Apple Macintosh, Vulnerability, Microsoft Windows, Desktops, Security, Operating Systems, Software, Hardware, Adam O'Donnell

Blog posts 2008-09-16

Exploit published for Windows Media Encoder flaw

If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button. Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation....

Tags: Windows Media, Vulnerability, Microsoft Corp., Flaw, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

Blog posts 2008-09-15

MS Patch Tuesday: 8 critical security holes patched

Microsoft shipped four high-priority security bulletins today with patches for at least eight code execution vulnerabilities affecting millions of Windows computer users. The September Patch Tuesday updates, all rated "critical," correct security flaws in the Windows Media Player, the Windows Media Encoder, Microsoft Office and the Microsoft...

Tags: Windows Media, Attacker, Microsoft Office, Vulnerability, Microsoft Office OneNote 2003, Microsoft Corp., Windows Media Encoder Bulletin, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

Blog posts 2008-09-09

Microsoft investigating NSlookup.exe flaw, reported attacks

Microsoft is investigating new public reports of a zero-day Windows vulnerability that's being exploited in the wild. According to a this SecurityFocus alert, the attacks are exploiting a remote code-execution vulnerability due to an unspecified error in NSlookup.exe, the command-line administrative tool used for testing and troubleshooting...

Tags: Vulnerability, Microsoft Corp., Attack, Flaw, Microsoft Windows XP Professional SP2, Access Snapshot Viewer, Security, ActiveX/COM/COM+/DCOM, Microsoft Windows, Software Development, Software/Web Development, Operating Systems, Software, Ryan Naraine

Blog posts 2008-08-15

Microsoft joins 'patch DNS now' chant; Apple patch missing

On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...

Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine

Blog posts 2008-07-25

On deck from Oracle: 45 critical database, server patches

On deck from Oracle: 45 critical database, server patchesUnbreakable.ntRE: On deck from Oracle: 45 critical database, server patchesso tables turned? MS SQL 2005 "zero" known vulnerabilities in 2.5years.. looks like SDL works well for Microsoft and its clientsRE: On deck from Oracle: 45 critical database, server patchesIt is important...

Tags: Patches, Storage, Databases, SECURITY, critical database, server patch, database, deck, patch management, server, Oracle Corp.

Discussion threads 2008-07-14

Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08

It would seem there's a bigger story to that MS08-037 flaw that came out for Patch Tuesday today. From Dave Lewis over at the Liquid Matrix security blog: Today Dan Kaminsky released a first, as far as I can recall. A coordinated patch was released today...

Tags: Black Hat, DNS, CERT, Flaw, Mogull, Updates, Domain Names, Networking, Security, Internet, Nathan McFeters

Blog posts 2008-07-08