WebProNews

Tag: vulnerabilities

  • Microsoft Pushes Patch For 26 Windows Vulnerabilities

    Windows users are accustomed to the security updates for Windows and Internet Explorer that Microsoft pushes on a regular basis. Sure, there are some updates that are marked critical, but it’s pretty tame stuff for the most part. That did not seem to be the case on Tuesday.

    Computer World reports that Microsoft pushed out patches for 26 vulnerabilities with 10 of them being marked critical. Many of the bug patches were for vulnerabilities in Internet Explorer, including IE10 in the Windows 8 preview.

    The big news here, however, is not the patches, but rather the fact that these vulnerabilities are already being exploited. Microsoft has found that one of the flaws in Internet Explorer 8 has led to attacks on users of the 3-year-old browser. If you use IE8, it’s suggested that you download and install an update called MS12-037 immediately.

    Another critical bug that was found and patched in the latest update affected Remote Desktop Protocol. There’s a vulnerability in the program that allows a hacker to send data packets to a system that has RDP enabled. This affects all Windows operating systems from Windows XP SP3 to Windows 7 SP1.

    Other major security flaws were found in the Windows .NET Framework and kernel drivers. The worrying thing about these particular updates is that Microsoft requires users to download them from its Web site. Most of the patches are not delivered over the automatic Windows Update service that Microsoft uses to push security updates. You can grab the updates to MS12-039 and MS12-040 now.

    While Microsoft was busy patching all of the aforementioned problems, it appears that a new kind of attack was spreading. According to Microsoft, the new attack exploits a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0. It affects only Internet Explorer users, allowing a remote attacker to execute code whenever somebody visits a particular Web page.

    Unfortunately, there is no patch for this problem at the moment. Computer World assumes that Microsoft will push out an emergency update before the next scheduled update on July 10. While we may laugh about those that use Internet Explorer, there are still many who use the browser that need to know about these vulnerabilities.

    While we wait for the patch, it’s good to remember a few key rules for keeping a computer healthy. Users should remain constantly vigilant and always be suspicious of any links to Web sites that they’re not familiar with. You should always keep your malware definitions up to date. I recommend using either Avast! or Microsoft’s own Security Essentials.

  • United Nations Web Site Hacked, Vulnerabilities Exposed

    The Web site hacking and dumping of info will not stop – next up is the United Nations.

    A hacker going by the handle Casi dumped information from the United Nations Web site yesterday that contained many vulnerabilities that other hackers could use to get inside the UN’s database to cause some real damage.

    I guess the question here is why did Casi hack the UN? Well, he tells us himself:

    I fuck actually system… I fighting for Internet Freedom, equiality & rights for all. You’re FREEDOM my brothers & my sisters ! <3

    What does it mean? I don’t know, but it must have been a pretty good reason to expose almost every weakness currently in the UN’s database.

    Similarly, the reason behind listing the vulnerabilities is just as cryptic:

    I give vulnerabilities because it’s fucking asshole ! We are FREEDOm !

    We are clearly dealing with a criminal mastermind here, or maybe not, according to Aaron Titus, Chief Privacy Officer for Identity Finder. Speaking to Fox News’ New York affiliate, he said that the breach was a “very simple attack” and that the UN “could have prevented this very easily and should have prevented it.”

    So it seems that the UN just has bad cyber security. It must be embarrassing for them to be hacked by such a basic SQL injection attack.

    Passwords were not exposed, but the real danger lies in what other hackers can do with the information. Identity Finder has reached out to the UN to alert them of the potential danger, but the organization has not replied.

    With all these hacks, it’s just a matter of time until every governmental organization’s Web site is laid bare for the world to see. I personally can’t wait to see the database for the White House’s Web site. It must be so scandalous, probably full of photos of the President’s pet.