Microsoft ASP.Net OOB Patch

Sorry to interrupt the flow of the Making the Web Work for You series, but this is somewhat important. Microsoft issued a patch last week for the outstanding .Net issue that could pose a significant threat to those of you with Internet-facing IIS servers. Although all .Net systems are vulnerable, the affected IIS boxes pose the greatest risk of exploitation. For some reason the OOB (out-of-band) patch is only available through the MS Download Center.


Windows LNK Out-of-Band Patch

As reported by SANS Internet Storm Center:

Microsoft released a patch to address this rather serious vulnerability.


Windows LNK vulnerability

There has been quite a bit of talk in security circles with regard to the latest 0day Windows LNK (shortcut) vulnerability, which has the potential to be fairly serious. There are partial fixes and workarounds, but not a complete patch as yet. The following links should help you get informed and cover your bases:


Taking down the botnets

Botnets, by and large, are responsible, either directly or indirectly, for most of the malicious activity on the internet. Whether it's spam, viruses, drive-by downloads, rogueware, scareware or all-out DDoS attacks, these large, distributed networks of zombie computers are usually behind it.

Recently a couple of the big ones have been taken down (or at least cut down in size) by the legal manoeuvrings of Microsoft and the investigation and arrests of some key players. The Microsoft actions were against the Waledac botnet, and the Spanish authorities caught up with some crafty characters responsible for the Mariposa botnet.


Straight from the horse's mouth --> Waledac

Panda helps in arrests --> Mariposa


IE Zero Day Exploit

If you have not heard, there is a very serious Internet Explorer Zero Day exploit making its rounds. How serious? Serious enough for Microsoft to put forth an Out-of-Band patch for it. This is very much related to the Google China network compromise that has been in the news recently: this was one of the exploits leveraged to give hackers access to Google's network. Since then the exploit code has shown up in various places on the Internet where more blackhats and criminals have gotten their hands on it.

While initially an IE 6 exploit, proof-of-concept code now exists that can target IE 7; IE 8 appears to be somewhat protected if DEP is still enabled on the system.

This exploit is serious enough that the French and German governments have issued public advisories to their populace to use an alternate browser like Firefox or Opera.


