New Exploit Exposed In Microsoft Windows

March 14, 2011 by admin
Filed under Computing

Comments Off on New Exploit Exposed In Microsoft Windows

It is being reported that hackers have been able to exploit holes in Windows and Microsoft new of the issue since January of 2011.

The exploit deals with the Windows protocol handler in Windows for MHTML. Be advised the exploit can only be done if the user is running Internet Explorer. Apparently, hackers are using cross-site scripting attacks are intercepting and collecting peoples information, spoofing the content that is displayed to the browser, or interfering with the user’s browsing activities. Read More….

Tags: 4Chan, account numbers, address, advantages of using a consultant, anti-virus, applications, attacks, backdoor, best Internet Phone Service, beta, Blog site, Brooklyn, browsers, bug, Chicago Computer Help Desk, Chicago Computer Services, Chicago Data Center, Chicago Internet Providers, chicago PC Technician, Chicago Telcom Audits, Chicago VoIP, cloud computing, Cloud Computing Chicago, code, commands, computer, computer consultant, Computer Consultants, Computer Help Desk, Computer Install, computer network services, computer programmers, computer Serurity, Computer Services, Computer Technician in Chicago, Computer Technician Outsourcing, Computers, cross-site scripting, CSS, data, data centers, DEP, Desktop Services, download, Email, email services, FedComp, format, Gawker sites Hacked, Hackers, hacking, Help Desk Services, hosted exchange, IE, IE6, IE7, IE8, internet, Internet Explorer, Internet Explorer security issues, IT Audits, IT Outsourcing, IT support services, Laptop, link, linksys routers, machine, malware, managed IT services, MHTML, Microsoft, Network Design, network management, Network Optimization, Network routers, Network Services, network solutions, network support services, networks, online data backup, payments, PC repairs, PC's, processor, production servers, prosecution, Routers, Security Issues Windows, sell, Server Management, servers, site, Software, Spam, Symantec, systems, technical support, Telcom Audits, telephone auditing review, test computers, test system, The Syber Group, US Secret Service, Virtual Computers, Virtual Machine, Virtualization, VoIP in Illinois, VoIP MPLS, voip office phone systems chicago, website, Windows, Windows Technician, Wireless Internet

80% Of Browsers Found To Be At Risk Of Attack

February 17, 2011 by admin
Filed under Internet

Comments Off on 80% Of Browsers Found To Be At Risk Of Attack

About eight out of every ten internet browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said today.

The poor state of browser patching stunned Wolfgang Kandek, CTO of security risk and compliance management provider Qualys, which presented data from the company’s free BrowserCheck service Wednesday at the RSA Conference in San Francisco.

“I really thought it would be lower,” said Kandek of the nearly 80% of browsers that lacked one or more patches.

BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, including Adobe’s Flash and Reader, Oracle’s Java and Microsoft’s Silverlight and Windows Media Player.

When browsers and their plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component, depending on the month. In January 2011, about 80% of the machines were vulnerable. Read more….

Tags: 60606, Adobe Flash, Adobe Reader, advantages of using a consultant, already-patched bugs, anti-virus, apple, applications, best Internet Phone Service, browser updates, BrowserCheck, Bugs, Chicago Computer Help Desk, Chicago Computer Services, Chicago Data Center, Chicago Internet Providers, chicago PC Technician, Chicago Telcom Audits, Chicago VoIP, Chrome, cloud computing, Cloud Computing Chicago, compliance management, Computer Consultants, Computer Help Desk, Computer Install, computer programmers, computer Serurity, Computer Services, Computer Technician in Chicago, Computer Technician Outsourcing, Computers, consumer systems, data, data centers, Desktop Services, email services, Firefox, Google, Help Desk Services, IE, internet, Internet Explorer, IT Audits, IT Outsourcing, Java, laptops, linksys routers, Linux machines, MAC, Mozilla, Network Design, Network Optimization, Network routers, new patches, Online, Oracle, out-of-date-components, patches, PC repairs, PC's, plug-ins, Qualys, QuickTime, reader, Routers, RSA Conference, Security, security experts, security risk, security scans, self updating, Server Management, Silverlight, statistics, Telcom Audits, telephone auditing review, The Syber Group, unpatched, Virtual Computers, Virtual Machine, Virtualization, VoIP in Illinois, VoIP MPLS, voip office phone systems chicago, vulnerable browsers, web, Windows, Windows Media Player, Windows Technician, Wireless Internet

Microsoft Warns of New Windows MHTML Bug

February 1, 2011 by admin
Filed under Internet

Comments Off on Microsoft Warns of New Windows MHTML Bug

In a security alert issued Friday, Microsoft confirmed that a bug in Windows’ MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer (IE) browser.

“The best way to think of this is to call it a variant of a cross-side scripting vulnerability,” said Andrew Storms, Director of Security Operations at nCircle Security. Cross-site scripting bugs, often shortened to XSS, can be used to insert malicious script into a Web page that can then take control of the session.

“An attacker could pretend to be the user, and act if as he was you on that specific site,” said Storms. “If you were at Gmail.com or Hotmail.com, he could send e-mail as you.”

“Such a script might collect user information, for example e-mail, spoof content displayed in the browser or otherwise interfere with the user’s experience,” said Angela Gunn, a Microsoft security spokeswoman, in a post to the Microsoft Security Response Center (MSRC) blog.

The vulnerability went public last week when the Chinese Web site WooYun.org published proof-of-concept code.

MHTML is a Web page protocol that combines resources of several different formats — images, Java applets, Flash animations and the like — into a single file. Only Microsoft’s IE and Opera Software’s Opera support MHTML natively: Google’s Chrome and Apple’s Safari do not, and while Mozilla’s Firefox can, it requires an add-on to read and write MHTML files.

Wolfgang Kandek, the Chief Technology Officer at Qualys, pointed out that IE users are most at risk. “While the vulnerability is located in a Windows component, Internet Explorer is the only known attacker vector,” said Kandek in an e-mail message. “Firefox and Chrome are not affected in their default configuration, as they do not support MHTML without the installation of specific add-on modules.”

All supported versions of Windows, including Windows XP, Vista and Windows 7, contain the flawed protocol handler, one reason why Storms believes it will take Microsoft time to come up with a patch.

In place of a patch, Microsoft recommended that users lock down the MHTML protocol handler by running a “Fixit” tool it’s made available. The tool automates the process of editing the Windows registry, which if done carelessly could cripple a PC, and lets IE users continue to run MHTML files that include scripting by clicking through a warning.

Courtesy-TheGuruReview

Tags: Bugs, Internet Explorer, MHTML BUG, Microsoft, MSRC, nCircle, Security, XSS

« Previous Page

Advantages of Using a Consultant

Information Security

Biggest Data Breaches

News

Connect With Us

Join Our Mailing List

Latest News

Request A Quote

Contact Us

New Exploit Exposed In Microsoft Windows

80% Of Browsers Found To Be At Risk Of Attack

Microsoft Warns of New Windows MHTML Bug