Brian Prince

Patch Tuesday has arrived, and brought with it patches for a number of security vulnerabilities rated “critical” by Microsoft. The four updates considered critical deal with remote code execution vulnerabilities in Microsoft Agent, the Universal Plug and Play service, Content Management Server and the Windows Client/Server Run-time Subsystem (CSRSS). A fifth update is rated “important” […]

Microsoft has issued a hotfix for users of Windows XP SP2 experiencing problems with third-party programs. Last Tuesdays out-of-cycle MS07-017 update was Microsofts answer to a number of vulnerabilities, including the Windows ANI bug. But with those fixes apparently caused problems for users of ElsterFormular, a German tax calculator; the Realtek HD Audio Control Panel; […]

Forrester Research analysts are urging corporations to prepare for a shift in the Network Access Control market in the years to come, as NAC vendors move toward new software-based tools that leverage endpoint technology to proactively manage risk. In a report titled “Client Management 2.0,” Forrester analysts Natalie Lambert and Robert Whiteley forecast the death […]

Some 46,000 University of California, San Francisco, students, faculty and staff are being cautioned to stay on the lookout for identity theft after the school reported a possible data breach. In late March, UCSF determined that there may have been unauthorized electronic access to a UCSF computer file server located at the University of California […]

Yahoo has patched a buffer overflow vulnerability in its instant-messaging tool that would have enabled attackers to potentially execute code on a compromised machine. The flaw exists in an ActiveX control that is part of the Yahoo Messenger audio conference control. If exploited, a buffer overflow could cause a user to be involuntarily logged out […]

Quantum Corp. has launched a new version of the StorNext data management software to help customers construct an infrastructure for consolidating resources to cut costs and improve workflow operations. Slated to ship in the second quarter of this year, StorNext 3.0 extends data sharing to servers on the local area network and leverages Quantums data […]

IBM has patched multiple flaws in its Tivoli Provisioning Manager for OS Deployment that allowed attackers to crash the service or execute arbitrary code with SYSTEM priviledges. Tivoli Provisioning Manager for OS Deployment is a network boot server that facilitates central management of networked workstations, implements PXE (Pre-boot Execution Environment) as well as a Web-based […]

Network security vendor DeepNines Technologies is combining one of its products with URL filtering technology from SurfControl to create an intelligent filter to help school districts prevent students from using Web proxies to view unauthorized Web sites. The new tool, named iTrust, is aimed primarily at school districts because of the provisions of the CIPA […]

A buffer overflow vulnerability caused by an integer underflow in the file_printf function in Unix-like operating systems has been patched. The flaw is contained within the file program and could allow an attacker to execute arbitrary code or create a denial of service condition, according to a posting on the United States Computer Emergency Readiness […]

Arbor Networks on April 2 announced a new version of Arbor Peakflow X, featuring an extended audit trail for compliance reporting and other enhancements. Peakflow X 3.7 includes integration of data gathered by Arbors ATLAS (Active Threat Level Analysis System) in an effort to reduce the manual collection and analysis of new vulnerabilities, exploits, botnets […]