Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 


Three new security bulletins - 13 July 2005

Three new security bulletins - 13 July 2005

Today, Microsoft issued three new security bulletins. Symantec Security response identified the following two vulnerabilities to be the most serious.

Buffer Overflow in Microsoft Colour Management Module

Microsoft has announced a security patch for a vulnerability within the Microsoft Colour Management Module (CMM), a component included within most Windows systems. CMM processes image files for a wide variety of formats including JPEG, EXIF, TIFF, PNG, PDF, PICT, PostScript, JDF (Job Definition Format), SVG, and CSS3. This vulnerability may be exploited remotely through malicious web sites or emails. It may be possible to exploit Outlook users by just previewing the email. Other applications that use CMM could be vulnerable as well, including Internet Explorer and MSN Messenger. Symantec Security Response has rated this threat as critical.

Microsoft Internet Explorer Javaprxy.DLL COM Object Heap Overflow

Microsoft has also introduced a security patch for a vulnerability in Javaprxy.dll, an interface to a debugger in the Microsoft Java Virtual Machine. An attacker could exploit this vulnerability through malicious web pages and run code on the local system resulting in complete control of the affected computer. Symantec Security Response has rated this threat as critical.

"While these are high-risk vulnerabilities, there are many steps users can take to protect themselves," said Oliver Friedrichs, senior manager, Symantec Security Response. "In addition to applying patches immediately, users should never open files or click on links from unknown sources. Computer users should keep software running with the least privileges possible and deploy network intrusion detection systems to monitor network traffic for signs of suspicious activity."

Symantec recommends the following actions for enterprises: · Evaluate the possible impact of these vulnerabilities to their critical systems. · Plan for required responses including patch deployment and implementation of security best practices using the appropriate security solutions. · Take proactive steps to protect the integrity of networks and information. · Verify that appropriate data backup processes and safeguards are in place and effective. · Remind users to exercise caution in opening all unknown or unexpected email attachments and in following web links from unknown or unverified sources.

Symantec recommends the following actions for consumers: · Regularly run Windows Update and install the latest security updates to keep software up to date. · Avoid opening unknown or unexpected email attachments or following web links from unknown or unverified sources. · Consider using an internet security solution such as Norton Internet Security 2005 AntiSpyware Edition to protect against today's known and tomorrow's unknown threats.

Additional information can be found at: http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx

Symantec’s security experts will closely monitor further information related to these vulnerabilities and will provide updates and security content as necessary.

ENDS

© Scoop Media

 
 
 
 
 
Business Headlines | Sci-Tech Headlines

 

Pre-Budget: Computer Emergency Response Team, Assemble!

John Key told the country's first ever Cyber Security Summit in Auckland that the government had earmarked funding set up a national Computer Emergency Response Team to help prevent and act on cyber incidents in partnership with the private sector and other organisations. More>>

ALSO:

Job Cutter Goes: Mark Weldon To Step Down As MediaWorks CEO

“When I joined MediaWorks in August 2014, I had a mandate to lead a significant change programme to bring the business back from receivership into a position where it could once again be a strong competitor in the market, with a sound and sustainable future. It was a big brief, laden with inherent challenges, but I took it in good faith and have dedicated myself fully to the goal since." More>>

ALSO:

Must Sell 20 Petrol Stations: Z Cleared To Buy Caltex Assets

Z Energy is allowed to buy the Caltex and Challenge! petrol station chains but must sell 19 of its retail sites and one truck-stop, the Commerce Commission has ruled in a split decision that acknowledges possible retail price coordination between fuel retailers occurs in some regions. More>>

ALSO:

Huntly: Genesis Extends Life Of Coal-Fuelled Power Station To 2022

Genesis Energy will keep its two coal and gas-fired units at Huntly Power Station operating until 2022, having previously said they'd be closed by 2018, after wringing a high price from other electricity generators who wanted to keep them as back-up. More>>

ALSO:

Dammed If You Do: Ruataniwha Irrigation Scheme Hits Farmer Uptake Targets

Enough Hawke's Bay farmers have signed up for water from the proposed Ruataniwha Water Storage Scheme for it to go ahead as long as a cornerstone institutional capital investor can be found to back it, its regional council promoter announced. More>>

ALSO:

Reserve Bank: OCR Stays At 2.25%

Reserve Bank governor Graeme Wheeler kept the official cash rate at 2.25 percent, in a decision traders had said could go either way, while predicting inflation will pick up as the slump in oil prices washes out of the data and capacity pressures start to build in the economy. More>>

ALSO:

Get More From Scoop

 
 
 
 
 
 
 
 
 
Sci-Tech
Search Scoop  
 
 
Powered by Vodafone
NZ independent news