Security

Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday

FIFTY-SEVEN gaping holes closed this month

John Leyden Fri 8 Feb 2013 // 10:44 UTC

Microsoft has lined up a bumper Patch Tuesday this month to snap shut a backbreaking 57 security vulnerabilities in its products.

Five of the 12 software updates addressing the gaping holes will tackle critical flaws that allow miscreants to execute code remotely on vulnerable systems.

In all, the soon-to-be-patched vulnerabilities exist in the Windows operating system, Internet Explorer web browser, Microsoft Server Software, Microsoft Office and the .NET framework.

The Redmond giant normally bundles together fixes for Internet Explorer bugs into a single monthly update, but February's Patch Tuesday release will feature two bulletins both addressing critical IE vulnerabilities. All versions of IE from 6 to 10, including the ARM port running on Windows RT on the Surface tablet, will need patching.

A third critical update addresses a flaw in Windows XP, 2003 and Vista but not later versions of Microsoft's PC operating system. The fourth critical update covers Microsoft Exchange, which uses the vulnerable Outside In software library from Oracle. The fifth critical vulnerability only affects Windows XP.

The remaining seven bulletins are all rated as important and mostly allow logged-in users to elevate their privileges, with the exception of a Sharepoint-related update that is susceptible to code-injection attacks.

More details, as usual, will follow next week once the patches are published. Microsoft's pre-release alert is here. Further commentary by Qualys can be found here. ®

Similar topics

Broader topics

Narrower topics

Corrections Send us news

Other stories you might like

Microsoft slows some hiring for Windows, Teams, and Office

'Making sure the right resources are aligned to the right opportunity' ahead of next fiscal year

Richard Speed Fri 27 May 2022 // 13:31 UTC

Microsoft has hit the brakes on hiring in some key product areas as the company prepares for the next fiscal year and all that might bring.
According to reports in the Bloomberg, the unit that develops Windows, Office, and Teams is affected and while headcount remains expected to grow, new hires in that division must first be approved by bosses.
During a talk this week at JP Morgan's Technology, Media and Communications Conference, Rajesh Jha, executive VP for the Office Product Group, noted that within three years he expected approximately two-thirds of CIOs to standardize on Microsoft Teams. 1.4 billion PCs were running Windows. He also remarked: "We have lots of room here to grow the seats with Office 365."

Continue reading
Recession fears only stoking enterprise tech spending for Dell, others

Staving off entropy with digital transformation, hybrid office, and automation projects still being financed

Paul Kunert Fri 27 May 2022 // 13:00 UTC

Enterprises are still kitting out their workforce with the latest computers and refreshing their datacenter hardware despite a growing number of "uncertainties" in the world.
This is according to hardware tech bellwethers including Dell, which turned over $26.1 billion in sales for its Q1 of fiscal 2023 ended 29 April, a year-on-year increase of 16 percent.
"We are seeing a shift in spend from consumer and PCs to datacenter infrastructure," said Jeff Clarke, vice-chairman and co-chief operating officer. "IT demand is currently healthy," he added.

Continue reading
GitHub saved plaintext passwords of npm users in log files, post mortem reveals

Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies

Richard Speed Fri 27 May 2022 // 12:15 UTC

GitHub has revealed it stored a "number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems.
The information came to light when the company today published the results of its investigation into April's unrelated OAuth token theft attack, where it described how an attacker grabbed data including the details of approximately 100,000 npm users.
The code shack went on to assure users that the relevant log files had not been leaked in any data breach; that it had improved the log cleanup; and that it removed the logs in question "prior to the attack on npm."

Continue reading

This Windows malware uses PowerShell to inject malicious extension into Chrome

And that's a bit odd, says Red Canary

Jeff Burt Fri 27 May 2022 // 11:26 UTC

A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. A macOS variant exists that uses Bash to achieve the same and also targets Safari.
The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and remove, according to threat hunters at cybersecurity shop Red Canary, who have been tracking the strain since early February and have seen a flurry of recent activity.
"We first encountered this threat after detecting encoded PowerShell commands referencing a scheduled task called 'ChromeLoader' – and only later learned that we were catching ChromeLoader in the middle stage of its deployment," Aedan Russell, detection engineer at Red Canary, wrote in a blog post this week.

Continue reading
Spam is back with a vengeance. Luckily we can't read any of it

It's a shame still nothing can be done about all the false positives, though

Alistair Dabbs Fri 27 May 2022 // 10:44 UTC

Something for the Weekend WE BRING ENGLISH TO YOUR FEET! reads the email.
That's nice. I knew I was lacking something in the footwear department. A fine pair of bobby dazzlers, no doubt.
No, that can't be right. Let me run it through another translation app. Ah, how about this?

Continue reading
Clonezilla 3: Copy and clone disk images to your heart's content

Even non-sysadmins may find this Linux live ISO handy

Liam Proven in Prague Fri 27 May 2022 // 10:02 UTC

Clonezilla 3 is a new version of an (almost) universal disk-imaging and duplication tool which can copy, or image, almost any mass storage device.
Remember Norton Ghost? It was discontinued nearly a decade ago now, in 2013. There are lots of alternatives to it out there, including commercial ones, but Clonezilla is handy because it can handle almost any disk format, and it's totally free. Version 3 just appeared and it's got a bunch of new features, including support for Apple APFS, ChromeOS Flex, and Linux drives encrypted with LUKS.
Clonezilla is not a general-purpose tool, or a graphical live desktop for general disk work. If you want that, try SystemRescue 9, which we looked at earlier this year.

Continue reading

BOFH: Where do you think you are going with that toner cartridge?

Did that printer service person just sell you 10 overpriced boxes of the wrong paper?

Simon Travaglia Fri 27 May 2022 // 09:15 UTC

Episode 10 It is a great morning! The phone has not rung once (and not because the PFY has rebooted the phone server with a DBAN USB stick in it again), the aircon and security system are behaving, and outside the sun is shini-
"What's he doing here?" I ask the PFY.
"Who?" the PFY asks, getting up off his chair as he senses a hint of urgency in my tone. "What's who doing... SH*T!"

Continue reading
When management went nuclear on an innocent software engineer

It says 'Do Not Touch,' not 'Rip Out My Guts'

Richard Speed Fri 27 May 2022 // 08:30 UTC

On Call Sure, you might use words like "boom" and "explode" when it comes to errors with your system. But could a whoopsie have the potential to render a chunk of a country uninhabitable? Welcome to On Call.
Our story comes from a reader Regomized as "Ellen" who spent the early part of the 1980s toiling away in the IT department of a company producing software responsible (in part) for running nuclear power stations.
A brand new system was in the process of being rolled out, which would keep track of which stations were online, how much power they could provide, and so on.

Continue reading
Lenovo infrastructure group and Alibaba Cloud both make first annual profits

Chinese giants' enterprise businesses do well despite lockdowns. Other segments? Strap in for a bumpy ride

Simon Sharwood, APAC Editor Fri 27 May 2022 // 07:57 UTC

Ever since Lenovo acquired IBM’s x86 server business in 2014, one thing has proven elusive: profit.
Now the company can point to a pair of consecutive quarters, and a full year, in the black.
The Chinese kit-maker yesterday reported Q4 and FY 2022 results, with quarterly revenue of $16.7 billion representing seven percent year on year growth. Annual revenue reached $71.6 billion, an increase of 18 percent. Annual net income topped $2 billion.

Continue reading
Let's play everyone's favorite game: REvil? Or Not REvil?

Another day, another DDoS attack that tries to scare the victim into paying up with mention of dreaded gang

Jessica Lyons Hardcastle Fri 27 May 2022 // 07:33 UTC

Akamai has spoken of a distributed denial of service (DDoS) assault against one of its customers during which the attackers astonishingly claimed to be associated with REvil, the notorious ransomware-as-a-service gang.
REvil was behind the JBS and Kaseya malware infections last year. In January, Russia reportedly dismantled REvil's networks and arrested 14 of its alleged members, theoretically putting an end to the criminal operation.
Beginning in late April, however, the same group of miscreants — or some copycats — appeared to resume their regularly scheduled ransomware activities with a new website for leaking data stolen from victims, and fresh malicious code.

Continue reading
World’s smallest remote-controlled robots are smaller than a flea

So small, you can't feel it crawl

Laura Dobberstein Fri 27 May 2022 // 07:15 UTC

Video Robot boffins have revealed they've created a half-millimeter wide remote-controlled walking robot that resembles a crab, and hope it will one day perform tasks in tiny crevices.
In a paper published in the journal Science Robotics , the boffins said they had in mind applications like minimally invasive surgery or manipulation of cells or tissue in biological research.
With a round tick-like body and 10 protruding legs, the smaller-than-a-flea robot crab can bend, twist, crawl, walk, turn and even jump. The machines can move at an average speed of half their body length per second - a huge challenge at such a small scale, said the boffins.

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs