- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Microsoft has patched bugs in its Exchange, SQL Server and Windows software that could give hackers new ways to break into computers.
The company released four sets of patches Tuesday, all rated "important." They address a total of nine bugs in Microsoft's products.
Although Microsoft has not rated any of its patches as critical, they will still keep corporate system administrators busy this week, said Andrew Storms, director of security operations with security vendor nCircle. "Not only will the IT admins have their hands full with the normal client-side updates, but they also need to go patch two of the most important enterprise services in an organization -- e-mail and databases," he said via instant message.
Security experts say that the DNS (Domain Name System) bug, is particularly worrisome. That's because the bug is due to a design flaw in the DNS protocol that affects all DNS servers on the Internet.
By sending certain types of queries to DNS servers, the attacker could then redirect victims away from a legitimate Web site -- say, Bofa.com -- to a malicious Web site without the victim realizing it. This type of attack, known as DNS cache poisoning, doesn't affect only the Web. It could be used to redirect all Internet traffic to the hacker's servers.
The bug could be exploited "like a phishing attack without sending you e-mail," said Wolfgang Kandek, chief technical officer with Qualys.
Other DNS software providers, including the Internet Software Consortium, Cisco and Sun Microsystems are also patching this vulnerability.
Although this flaw does affect some home routers and client DNS software, it is mostly an issue for corporate users and ISPs (Internet service providers) that run the DNS servers used by PCs to find their way around the Internet, said Dan Kaminsky, the IOActive security researcher who discovered the problem. "Home users should not panic," he said in a Tuesday conference call.
One of the bugs that Microsoft patched on Tuesday had previously been disclosed, making it a priority fix. That flaw, which lies in the version of Windows Explorer used by Vista and Windows Server 2008, could give criminals a way of running unauthorized software on a Windows PC. For that to happen, the attacker would first have to convince the user to open and save a specially crafted saved-search file using Windows Explorer.
Rss FeedRss Feed
Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...
The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment