Abarbarian
Acruncher
- Joined
- Sep 30, 2005
- Messages
- 11,023
- Reaction score
- 1,223
Might not be that important for single pc users. It is still a security risk that ain't been fixed or advertised by MS.
http://fsfe.org/news/2009/news-20091019-01.en.html
"Server Message Block (SMB) is a protocol which enables shared access to printers and files. SMB2 is a new version of this protocol, which was introduced with Windows Vista and Windows Server 2008, and which is also available on Windows 7. Current implementations of SMB2 are affected by this vulnerability. This is a new vulnerability, not the one described in Microsoft Security Advisory 975497. The listed operating systems can therefore still be successfully attacked even after installation of the updates of Microsoft's October patchday (MS09-050).
Currently there is no update or patch available from the vendor. The only recommended actions are to be aware of and track the vulnerability. As a workaround it can only be recommended to limit access to SMB2 servers to trusted systems by firewalls, or to disable the SMB2 service."
***********************************************
Mozilla blocks Microsoft's buggy Firefox plugin
http://www.techworld.com.au/article/322568/mozilla_blocks_microsoft_buggy_firefox_plugin
"Robert McMillan (IDG News Service) 18/10/2009 05:05:00
Tags: security, mozilla, Microsoft, firefox, exploits and vulnerabilities
Have your say!0
Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk.
Microsoft shipped the Firefox add-on as part of a .Net software update last February, causing outrage among some Firefox users, who complained that the software was sneaked onto their systems without their knowledge or approval and was extremely difficult to remove.
On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on."
So it took from February to October for MS to find and issue a fix, sounds dodgy to me.
http://fsfe.org/news/2009/news-20091019-01.en.html
"Server Message Block (SMB) is a protocol which enables shared access to printers and files. SMB2 is a new version of this protocol, which was introduced with Windows Vista and Windows Server 2008, and which is also available on Windows 7. Current implementations of SMB2 are affected by this vulnerability. This is a new vulnerability, not the one described in Microsoft Security Advisory 975497. The listed operating systems can therefore still be successfully attacked even after installation of the updates of Microsoft's October patchday (MS09-050).
Currently there is no update or patch available from the vendor. The only recommended actions are to be aware of and track the vulnerability. As a workaround it can only be recommended to limit access to SMB2 servers to trusted systems by firewalls, or to disable the SMB2 service."
***********************************************
Mozilla blocks Microsoft's buggy Firefox plugin
http://www.techworld.com.au/article/322568/mozilla_blocks_microsoft_buggy_firefox_plugin
"Robert McMillan (IDG News Service) 18/10/2009 05:05:00
Tags: security, mozilla, Microsoft, firefox, exploits and vulnerabilities
Have your say!0
Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk.
Microsoft shipped the Firefox add-on as part of a .Net software update last February, causing outrage among some Firefox users, who complained that the software was sneaked onto their systems without their knowledge or approval and was extremely difficult to remove.
On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on."
So it took from February to October for MS to find and issue a fix, sounds dodgy to me.