Security

IE security hole sewn up for Patch Tuesday

It's that time of the month. Again

John Leyden Fri 7 Oct 2011 // 13:01 UTC

Microsoft is planning eight security updates next week – two critical – as part of its regular Patch Tuesday programme.

The obvious highlight of the batch is a critical update for Internet Explorer that affects all supported versions of Microsoft's ubiquitous web browser, including IE 9. The second critical update covers flaws in Microsoft .NET Framework and Microsoft Silverlight that create a possible mechanism for miscreants to inject hostile code onto vulnerable systems.

The remaining six updates address lesser Windows vulnerabilities in Microsoft Forefront and Host Integration server. All six of these updates are rated as "important" and not all of them apply to all configurations. "IT administrators will have to evaluate to what degree they affect their networks, servers and workstation," according to Wolfgang Kandek, CTO at security services firm Qualys.

As usual, more details on the flaws will emerge once Microsoft has published its patches on Tuesday. In the meantime all we have to go on is Redmond's pre-release notice here. ®

Similar topics

Broader topics

Narrower topics

Corrections Send us news

Other stories you might like

This Windows malware uses PowerShell to inject malicious extension into Chrome

And that's a bit odd, says Red Canary

Jeff Burt Fri 27 May 2022 // 11:26 UTC

A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari.
The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and remove, according to threat hunters at cybersecurity shop Red Canary, who have been tracking the strain since early February and have seen a flurry of recent activity.
"We first encountered this threat after detecting encoded PowerShell commands referencing a scheduled task called 'ChromeLoader' – and only later learned that we were catching ChromeLoader in the middle stage of its deployment," Aedan Russell, detection engineer at Red Canary, wrote in a blog post this week.

Continue reading
Spam is back with a force. Happily I can't read any of it

It's a shame still nothing can be done about all the false positives, though

Alistair Dabbs Fri 27 May 2022 // 10:44 UTC

Something for the Weekend WE BRING ENGLISH TO YOUR FEET! reads the email.
That's nice. I knew I was lacking something in the footwear department. A fine pair of bobby dazzlers, no doubt.
No, that can't be right. Let me run it through another translation app. Ah, how about this?

Continue reading
Clonezilla 3: Copy and clone disk images to your heart's content

Even non-sysadmins may find this Linux live ISO handy

Liam Proven in Prague Fri 27 May 2022 // 10:02 UTC

Clonezilla 3 is a new version of an (almost) universal disk-imaging and duplication tool which can copy, or image, almost any mass storage device.
Remember Norton Ghost? It was discontinued nearly a decade ago now, in 2013. There are lots of alternatives to it out there, including commercial ones, but Clonezilla is handy because it can handle almost any disk format, and it's totally free. Version 3 just appeared and it's got a bunch of new features, including support for Apple APFS, ChromeOS Flex, and Linux drives encrypted with LUKS.
Clonezilla is not a general-purpose tool, or a graphical live desktop for general disk work. If you want that, try SystemRescue 9, which we looked at earlier this year.

Continue reading

BOFH: Where do you think you are going with that toner cartridge?

Did that printer service person just sell you 10 overpriced boxes of the wrong paper?

Simon Travaglia Fri 27 May 2022 // 09:15 UTC

Episode 10 It is a great morning! The phone has not rung once (and not because the PFY has rebooted the phone server with a DBAN USB stick in it again), the aircon and security system are behaving, and outside the sun is shini-
"What's he doing here?" I ask the PFY.
"Who?" the PFY asks, getting up off his chair as he senses a hint of urgency in my tone. "What's who doing... SH*T!"

Continue reading
When management went nuclear on an innocent software engineer

It says 'Do Not Touch,' not 'Rip Out My Guts'

Richard Speed Fri 27 May 2022 // 08:30 UTC

On Call Sure, you might use words like "boom" and "explode" when it comes to errors with your system. But could a whoopsie have the potential to render a chunk of a country uninhabitable? Welcome to On Call.
Our story comes from a reader Regomized as "Ellen" who spent the early part of the 1980s toiling away in the IT department of a company producing software responsible (in part) for running nuclear power stations.
A brand new system was in the process of being rolled out, which would keep track of which stations were online, how much power they could provide, and so on.

Continue reading
Lenovo infrastructure group and Alibaba Cloud both make first annual profits

Chinese giants' enterprise businesses do well despite lockdowns. Other segments? Strap in for a bumpy ride

Simon Sharwood, APAC Editor Fri 27 May 2022 // 07:57 UTC

Ever since Lenovo acquired IBM’s x86 server business in 2014, one thing has proven elusive: profit.
Now the company can point to a pair of consecutive quarters, and a full year, in the black.
The Chinese kit-maker yesterday reported Q4 and FY 2022 results, with quarterly revenue of $16.7 billion representing seven percent year on year growth. Annual revenue reached $71.6 billion, an increase of 18 percent. Annual net income topped $2 billion.

Continue reading

Let's play everyone's favorite game: REvil? Or Not REvil?

Another day, another DDoS attack that tries to scare the victim into paying up with mention of dreaded gang

Jessica Lyons Hardcastle Fri 27 May 2022 // 07:33 UTC

Akamai has spoken of a distributed denial of service (DDoS) assault against one of its customers during which the attackers astonishingly claimed to be associated with REvil, the notorious ransomware-as-a-service gang.
REvil was behind the JBS and Kaseya malware infections last year. In January, Russia reportedly dismantled REvil's networks and arrested 14 of its alleged members, theoretically putting an end to the criminal operation.
Beginning in late April, however, the same group of miscreants — or some copycats — appeared to resume their regularly scheduled ransomware activities with a new website for leaking data stolen from victims, and fresh malicious code.

Continue reading
World’s smallest remote-controlled robots are smaller than a flea

So small, you can't feel it crawl

Laura Dobberstein Fri 27 May 2022 // 07:15 UTC

Video Robot boffins have revealed they've created a half-millimeter wide remote-controlled walking robot that resembles a crab, and hope it will one day perform tasks in tiny crevices.
In a paper published in the journal Science Robotics , the boffins said they had in mind applications like minimally invasive surgery or manipulation of cells or tissue in biological research.
With a round tick-like body and 10 protruding legs, the smaller-than-a-flea robot crab can bend, twist, crawl, walk, turn and even jump. The machines can move at an average speed of half their body length per second - a huge challenge at such a small scale, said the boffins.

Continue reading
IBM-powered Mayflower robo-ship once again tries to cross Atlantic

Whaddayaknow? It's made it more than halfway to America

Katyanna Quach Fri 27 May 2022 // 06:28 UTC

The autonomous Mayflower ship is making another attempt at a transatlantic journey from the UK to the US, after engineers hauled the vessel to port and fixed a technical glitch.
Built by ProMare, a non-profit organization focused on marine research, and IBM, the Mayflower set sail on April 28, beginning its over 3,000-mile voyage across the Atlantic Ocean. But after less than two weeks, the crewless ship broke down and was brought back to port in Horta in the Azores, 850 miles off the coast of Portugal, for engineers to inspect.
With no humans onboard, the Mayflower Autonomous Ship (MAS) can only rely on its numerous cameras, sensors, equipment controllers, and various bits of hardware running machine-learning algorithms to survive. The computer-vision software helps it navigate through choppy waters and avoid objects that may be in its path.

Continue reading
Revealed: The semi-secret list of techs Beijing really really wishes it didn't have to import

I think we can all agree that China is not alone in wishing it had an alternative to Microsoft Windows

Laura Dobberstein Fri 27 May 2022 // 05:57 UTC

China has identified "chokepoints" that leave it dependent on foreign countries for key technologies, and the US-based Center for Security and Emerging Technology (CSET) claims to have translated and published key document that name the technologies about which Beijing is most worried.
CSET considered 35 articles published in Science and Technology Daily from April until July 2018. Each story detailed a different “chokepoint” or tech import dependency that China faces. The pieces are complete with insights from Chinese academics, industry insiders and other experts.
CSET said the items, which offer a rare admission of economic and technological vulnerability , have hitherto “largely unnoticed in the non-Chinese speaking world.”

Continue reading
Huawei claims it’s halved the time needed to build a 1,000-rack datacenter

Promises modular kit gets you up and running in six to nine months, with AI-powered ops to make it efficient

Simon Sharwood, APAC Editor Fri 27 May 2022 // 05:15 UTC

Huawei has entered the datacenter construction business with an offering that it claims can be built in half the time required by competing methods, then run more efficiently.
The prosaically named “Next-Generation Datacenter Facility”, as depicted in a video posted to Chinese social media, employs suspiciously-shipping-container-sized modules stacked into a larger building.
In the video, a pre-school girl and her father use Lego to assemble a cube-shaped building. The scene cuts to film of a very similar building under construction in the real world, before the director makes sure the metaphor can’t be missed by morphing the Lego and actual buildings, as depicted below.

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs