|
| Tue, 10 Aug 2010 08:00:00 GMT MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) |
| Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-059 - Important: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) |
| Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) |
| Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) |
| Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) |
| Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
|
| Fri, 03 Sep 2010 19:30:12 GMT Facebook Glitch Let Spammer Post to Walls
(PC World)
|
| PC World - A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week. |
| Fri, 03 Sep 2010 17:10:08 GMT Spammers Take Over Apple's New Ping Social Network
(NewsFactor)
|
| NewsFactor - Apple launched iTunes 10 with Ping, a new music-oriented social network, on Wednesday. Within hours, the site fell victim to spammers looking to make a quick buck from Apple's unsuspecting 160 million music lovers exploring the new way to discover what music their friends are listening to. |
| Fri, 03 Sep 2010 15:10:11 GMT Germany to Launch Antibotnet Program for Consumers
(PC World)
|
| PC World - Germany will soon launch a service to help consumers remove malicious software from their computers in an attempt to stem the spread of spam-sending botnets. |
| Fri, 03 Sep 2010 13:47:40 GMT Apple's Ping Inundated with Spam Comments
(PC Magazine)
|
| PC Magazine - Days after its release, Apple's new Ping social network within iTunes is being inundated with spam comments. |
| Fri, 03 Sep 2010 12:57:00 GMT Apple's Ping a Scammer's Haven? Security Experts Say Watch Out
(PC World)
|
| PC World - Apple's music-focused social network, Ping is only a few days old, and already the iTunes-based feature is "drowning in scams and spams," security researchers say. The scams are nothing too advanced at the moment, and there are no reports of clickjacking worms or other forms of aggressive malware, experts say. But if you're looking for links to bogus surveys promising free iPhones, iPads, and other assorted iDevices, then Ping in iTunes 10 is the social network for you. |
| Fri, 03 Sep 2010 12:38:44 GMT iTunes Ping's Latest Problem: Spam
(Mashable)
|
| Mashable - iTunes Ping is apparently full of spam, yet another hiccup in Apple's road to establishing a legitimate social network. |
| Thu, 02 Sep 2010 21:20:10 GMT To Boost Security, Facebook Adds Remote Logout
(PC World)
|
| PC World - Facebook users will soon have a new way of knocking spammers out of legitimate accounts. |
| Thu, 02 Sep 2010 10:40:09 GMT Botnet Takedown May Yield Valuable Data
(PC World)
|
| PC World - Researchers are hoping to get a better insight on botnets after taking down part of Pushdo, one of the top five networks of hacked computers responsible for most of the world's spam. |
| Tue, 31 Aug 2010 15:40:12 GMT Huge Spamming Botnet Injured but Still Alive
(PC World)
|
| PC World - A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security. |
| Tue, 31 Aug 2010 13:20:53 GMT Symantec 'Black Market' Event Highlights Perils of Cybercrime
(PC Magazine)
|
| PC Magazine - On September 1, New Yorkers will have a chance to peer inside the sleazy world of cybercrime when the "Norton Black Market Experience" rolls in to Times Square via a converted semi truck. |
| Sun, 29 Aug 2010 17:49:34 GMT Jordan amends cyber crimes law after media outcry
(AFP)
|
 AFP - Jordan on Sunday approved a temporary law on cyber crimes after amending it to appease the fury of journalists who said the legislation was a means to control local news websites.
|
| Sun, 29 Aug 2010 16:15:28 GMT Hackers attack Philippine government website
(AFP)
|
 AFP - The Philippines on Sunday ordered all government offices to tighten Internet security after its main information website was brought down by hackers.
|
| Fri, 27 Aug 2010 15:46:00 GMT Defending the Internet: National Security v. Big Brother
(PC World)
|
| PC World - In the wake of revelations that the US military network was compromised in 2008, and that US digital interests are under a relative constant threat of attack, the Pentagon is establishing new cyber security initiatives to protect the Internet. The Pentagon strategy--which is part digital NATO, part digital civil defense, and part Big Brother--may ruffle some feathers and raise concerns that the US Internet is becoming a military police state. |
| Fri, 27 Aug 2010 15:11:06 GMT Google Fixes Gmail Bug That Turned Email into Spam
(PC Magazine)
|
| PC Magazine - Google has fixed an issue with Gmail that caused a small percentage of its accounts to repeatedly send email messages over and over. |
| Fri, 27 Aug 2010 10:34:31 GMT Gmail Bug Turned Some Users into Spammers
(Mashable)
|
| Mashable - This week, a Gmail bug caused duplicate messages to be sent from some user accounts. In certain cases, the same messages were sent over and over for several days, which, as you can imagine, must have been extremely annoying to the recipients. |
| Wed, 25 Aug 2010 21:44:11 GMT Cracks in computer defenses abound: IBM
(AFP)
|
 AFP - IBM on Wednesday reported that the number of discovered cracks that hackers could exploit in computer software surged in the first half of the year.
|
| Wed, 25 Aug 2010 19:50:20 GMT Gmail Glitch Resends Messages Multiple Times
(PC World)
|
| PC World - Gmail users have been reporting in droves that the Google webmail service is resending messages to their recipients, turning these users into accidental spammers who are unintentionally annoying friends, acquaintances and business contacts. |
| Wed, 25 Aug 2010 12:47:18 GMT Report: Cybercrime Increases As SMBs Fail To Fortify Security
(PC Magazine)
|
| PC Magazine - A new study reveals that many companies aren't prepared to fight cybercrime. |
| Tue, 24 Aug 2010 14:10:15 GMT Rustock Botnet Responsible for 40 Percent of Spam
(PC World)
|
| PC World - More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. |
| Mon, 23 Aug 2010 07:40:07 GMT Baidu Sues Chinese Security Company
(PC World)
|
| PC World - Baidu, operator of China's largest search engine, is suing domestic security vendor 360 for unfair competition alleging a version of 360's security software flags both Baidu Toolbar and Baidu Address Bar as malware. |
|
| Thu, 02 Sep 2010 06:30:00 PST Cisco IOS XR Software Border Gateway Protocol Vulnerability |
Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. |
| Wed, 25 Aug 2010 07:40:00 PST Cisco Unified Communications Manager Denial of Service Vulnerabilities |
Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services.  |
| Wed, 25 Aug 2010 07:30:00 PST Cisco Unified Presence Denial of Service Vulnerabilities |
Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services.  |
| Thu, 12 Aug 2010 13:30:00 PST Cisco IOS Software TCP Denial of Service Vulnerability |
Cisco IOS Software Release, 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase. The vulnerability could cause embryonic TCP connections to remain in a SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these states could consume system resources and prevent an affected device from accepting or initiating new TCP connections, including any TCP-based remote management access to the device. |
| Wed, 11 Aug 2010 08:00:00 PST Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine |
The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities: Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability Secure Socket Layer (SSL) DoS vulnerability SIP inspection DoS vulnerability  |
![[logo]](http://www.microsoft.com/library/toolbar/3.0/images/banners/TechNetB_masthead_ltr.gif "Microsoft Security Bulletins")
![[logo]](http://www.securityfocus.com/rss/SFLogo_v1.gif "SecurityFocus")
![[logo]](http://l.yimg.com/a/i/us/nws/th/main_142c.gif "Yahoo! News")
![[logo]](http://newsroom.cisco.com/images/mobile_newsAtCisco.png "News@Cisco")
