News

Wednesday, November 15, 2006

Security Alert: 6 Microsoft Security Bulletins for November 2006


=== SECURITY ALERT =============================================

6 Microsoft Security Bulletins for November 2006
by Orin Thomas, orin@windowsitpro.com

Microsoft released six security updates, five of which replace updates
released in prior security bulletins. Microsoft rates five of these
updates as critical. Here's a brief description of each update; for
more information, go to

http://list.windowsitpro.com/t?ctl=401A8:886699

MS06-067--Cumulative Security Update for Internet Explorer
This bulletin replaces bulletin MS06-042. It provides updates that
block remote code execution attacks propagated through Web pages. The
severity of the attack will depend on the privileges of the logged-on
user.
Applies to: IE in Windows Server 2003, Windows XP, and Windows 2000.
Recommendation: Test and install as quickly as possible.

MS06-068--Vulnerability in Microsoft Agent Could Allow Remote Code
Execution
This bulletin replaces bulletin MS05-032. It relates to a remote
code execution vulnerability that can be exploited through specially
crafted .acf files. The attack vector would be a specially crafted Web
page.
Applies to: Windows Server 2003, Windows XP, and Windows 2000.
Recommendation: Test and install as quickly as possible.

MS06-069--Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution
This vulnerability is in the version of Flash Player that ships with
Windows XP. Updating to the most recent version of Flash or applying
this update will resolve this vulnerability.
Applies to: Windows XP.
Recommendation: Test and install as part of the normal patch
management cycle.

MS06-070--Vulnerabilities in Workstation Service Could Allow Remote
Code Execution
This bulletin replaces bulletins MS03-049 and MS06-040. A remote
code execution vulnerability exists in the workstation service. The
attacker would need to send specially crafted traffic to the target
computer in order to exploit this vulnerability. Clients behind good
firewalls would be protected.
Applies to: Windows XP and Windows 2000.
Recommendation: Test and install as part of the normal patch
management cycle.

MS06-071--Vulnerabilities in Microsoft XML Core Services Could Allow
Remote Code Execution
This bulletin replaces last month's MS06-061. The attack vector is a
specially crafted Web page or email message. If a user accesses the Web
page or email message, remote code could be executed.
Applies to: XML Core Services.
Recommendation: Test and install as part of the normal patch
management cycle.

MS06-066--Vulnerabilities in Client Service for NetWare Could Allow
Remote Code Execution
This bulletin replaces MS05-046. This vulnerability applies only to
environments that use NetWare. Exploitation of this vulnerability could
allow remote code to be executed by an attacker.
Applies to: NetWare in Windows Server 2003, Windows XP, and Windows
2000.
Recommendation: If your organization uses NetWare, test and deploy
as part of your normal patch management cycle.


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).

http://list.windowsitpro.com/t?ctl=401AC:886699

http://list.windowsitpro.com/t?ctl=401A9:886699

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
