A Week Of Major Vulnerabilities Discovered
By Ian Scott
This past week (I’m writing this on May 21st, 2008) has seen some major security vulnerabilities discovered.
Major vulnerabilities include a Microsoft product, and a Linux derivative (Debian) issue with SSL certs.
First with Microsoft: MS Word has a critical vulnerability “that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Ugh.
If you use MS Word, get the update now. Yesterday might be too late.
Linux servers running Debian or Ubunto that make use of SSL or SSH keys have some major problems too. In a nutshell, the key generating system is flawed, and right now, it is within about three hours of time to exploit so called secure keys on Debian systems unless you’ve installed the fix.
This is a very serious problem and more information is available here.
Read more in: Computer Security |