56916 : Microsoft Office Web Components HTMLURL Parameter ActiveX Spreadsheet Object Handling Overflow
http://osvdb.org/56916

Views This Week: 18
Views All Time: 2822
Added to OSVDB: over 2 years ago
Last Modified: about 1 year ago
Modified (since 2008): 16 times
Percent Complete: 80%

Timeline

Vendor Informed Date: 2008-03-17
Vendor Ack Date: 2008-03-17
Disclosure Date: 2009-08-11
Vendor Solution Date: 2009-08-11
Time to Patch: 512 days

Keywords

CLSID:0002E512-0000-0000-C000-000000000046

Description

Office Web Components is prone to an overflow condition. The ActiveX control fails to properly sanitize user-supplied input via the HTMLURL parameter resulting in a buffer overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution.

Classification

Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Tools & Filters

Snort

15858 15859
40562

Credit

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2009-08-12

Blogs

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

2009/08/22 10:56:16 | Weekly Summary of the "DHS Daily Open Source Infrastructure Report"

from: (ISC)2 Blog

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional. Week Ending: Friday, August 21, 2009 Infrastructure Report for 17 August 2009 A bug fix takes two years to release! Should this be where you place your trust? 48.

2009/08/27 06:22:38 | Mass Injection of Chinese College Web Sites

from: Lab Technology

Recently, since Microsoft released information about new vulnerabilities in MS Office and DirectShow in July, attacks spreading through the infection of thousands of legitimate Web sites have increased sharply in the wild. Coinciding with the student recruitment period after the Chinese National College Entrance Examination, the Web sites of universities and some higher education institutions have become the major targets of attackers.

2009/08/15 21:30:33 | The Microsoft OWC two-year vulnerability patch

from: IT Security

For two years, Microsoft put off patching a critical vulnerability. That all changed in July. In March 2007, Peter Vreugdenhil discovered an arbitrary code execution vulnerability in Microsoft’s Office Web Components. As the Zero Day Initiative (ZDI) reported to Microsoft at the time, an exploit involving maliciously crafted parameters when calling msDataSourceObject() could induce memory management errors that could be used to execute malicious code.

2009/08/13 00:00:00 | MS09-043: Description of the security update for Microsoft Office 2000 Web Components 2000 for Microsoft BizTalk Server 2002

from: DotNetSlackers Latest ASP.NET News

971388 ... MS09-043: Description of the security update for Microsoft Office 2000 Web Components 2000 for Microsoft BizTalk Server 2002

2009/08/12 07:22:12 | MS09-043: Description of the security update for Office 2003 Web Components and Office XP Web Components in Office 2003: August 11, 2009

from: Microsoft Patch Watch

MS09-043: Description of the security update for Office 2003 Web Components and Office XP Web Components in Office 2003: August 11, 2009

2009/08/25 17:35:00 | The Fragus Exploit Kit

from: Web Security Blog by Purewire

Recently, Purewire's Malicious Javascript Detection (MJD) engine identified malicious URLs backed by what was found to be Fragus, a new exploit kit that appeared in late July 2009. An example of a Fragus URL and a screenshot of its admin control panel login page are shown directly below. hxxp://blt.kz/1/show.php?s=5015ba5606 Fragus Admin Control Panel Login As with most modern exploit kits, Fragus serves not one, but a grab bag of exploits that attack the browser, ActiveX controls, and third party plugins.

2009/08/25 16:57:28 | August 2009 Threatscape: ZBot detected in record levels, fresh vulnerabilities consistently attacked

from: Fortinet FortiGuard Blog

Total detected malware volume continued a climbing trend this period, posting the highest levels detected to date this year. On top of this steep incline, highlighted since March 2009, the amount of distinct variants (malicious pieces of code) has also continued to gradually increase. Several malware attack waves were evident this period, most notably on the 24th of July when a huge surge of ZBot activity occurred through HTML/Agent.E!tr.

2009/08/22 14:35:02 | Internet Security Alliance Review 8-22-09

from: Information Security Resources

From The Internet Security Alliance In The News… August 21, US-CERT – Current Activity - Adobe Releases Security Bulletin for Flex SDK. Adobe has released security bulletin APSB09-13 to address a vulnerability in Flex 3.3 SDK and earlier versions. This vulnerability may allow an attacker to conduct a cross-site scripting attack. US-CERT encourages users and administrators to review Adobe security bulletin APSB09-13 and update to Flex 3.4 SDK to help mitigate the risks.


© Copyright 2012 Open Source Vulnerability Database (OSVDB), All Rights Reserved.