Microsoft recently announced fixes to address a critical security flaw that allows malicious web site to install Malware to an infected PC. The malware affects those Pc’s that are running Excahnge and SQL Server. Security Firm like Trend Micro further noticed renewed attack for the IE7 flaws that was fixed recently. Though the attack is smaller at this point of time, it many grow further down the road.
The infection starts with an e-mailed .doc file that, when opened, uses the loopholes of MS09-002 to download and install remote-control backdoor malware. It can construct a realistic spam message that may appear to come from a co-worker, for instance, and have a poisoned .doc or other file attached.
You can try your best to fix the problem by applying last week’s patch. It was distributed via Automatic Updates, so you can double-check that you got it by running Windows Update.
Filed under
Security | Tags:
Exchange Server,
Internet Explorer 7,
Malware,
Microsoft Patch,
Security,
SQL Server | Comment Below
Related?
Microsoft Fixed Blaster Worm AttackJanuary 14th, 2008 Microsoft patches a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack. The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel.
Major DNS Flaws LeakedJuly 22nd, 2008 One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon. This flaw apparently allows Web surfers to be spoofed, directing them to fake Web sites to gain passwords and load malware on their computers.
Apple's DNS Server still VulnerableAugust 4th, 2008 Apple released patches for 17 different flaws of its Mac OS X server. But, as per latest research the patch didn't do anything.
Twitter is also Vulnerable to HackingMarch 21st, 2009 Secure Science researchers found vulnerability of Twitter Microblogging site. Hackers can attack user accounts as well as make your computer a compromising position with the help of the cross scripting code(XSS).
Security Flaws Reported in Firefox 3,0June 20th, 2008 The new version of the Firefox browser was downloaded over eight million times in its first 24 hours of release in what organisers claimed was a world record. But the success was overshadowed by reports that Firefox 3.0 contained a serious security flaw that potentially lets an attacker take over a PC if a user clicks on a booby-trapped link.
DNS Bug is Fixed to Patch the InternetJuly 9th, 2008 Makers of the software used to connect computers on the Internet collectively released software updates Tuesday to patch a serious bug in one of the Internet's underlying protocols, the Domain Name System (DNS). The bug was discovered "by complete accident," by Dan Kaminsky, a researcher with security vendor IOActive.
Security is a Big Concern for Websites of Major US Banks August 3rd, 2008 A new study from University of Michigan reveals that 75% of all US banks have security flaw. The security concern includes design flaws that expose passwords and are susceptible to tampering by attackers, researchers say.
How You can Perform Penetration TestJuly 5th, 2009 Penetration test is the process of evaluating the information security of your IT department. You test your information security system to find out any security issues.
