Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Microsoft Plugs "Drive-By" and 14 Other Holes 189

CWmike writes "Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel, and Word, including one that will probably be exploited quickly by hackers. None affects Windows 7. Of today's 15 bugs, Microsoft tagged three 'critical' and the remaining 12 'important.' Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows except Windows 7 and its server sibling, Windows Server 2008 R2. 'The Windows kernel vulnerability is going to take the cake,' said Andrew Storms, director of security operations at nCircle Network Security. 'The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario.' Richie Lai, the director of vulnerability research at security company Qualys, agreed. 'Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.'"

Submission + - Aim 6 Worm

benvec writes: Researchers say AIM vulnerable to worm attack. . A critical flaw in the way that the AOL's instant messaging client displays Web-based graphics could be exploited by criminals to create a self-copying worm attack, security researchers are warning. The flaw was discovered by researchers at Core Security Technologies, which has been working with AOL over the past few weeks to patch the problem. AOL's servers are now filtering instant messaging traffic to intercept any attacks, but the company has yet to patch the underlying problem in its client software, security researchers said Tuesday.

You have mail.