Larry Seltzer

Despite reports indicating that Microsoft Corp. was planning to allow users with pirated copies of Windows XP to install Service Pack 2, the company has confirmed to eWEEK.com that this will not be the case. “Recent press reports indicating Windows XP Service Pack 2 will install on pirated or illegal copies of Windows XP are […]

Microsofts security alerts for May were posted this afternoon. And the list was refreshingly short. The single new vulnerability revealed does allow for remote code execution by an attacker, but with many limitations on the attack, leading Microsoft to classify the problem as “important.” The problem is in the Windows Help and Support Center in […]

Tuesday is Microsofts monthly patch day, and Im going to make a prediction: more of the same. Were going to see holes in Internet Explorer and Windows discovered by security research firms, who will get themselves quoted and otherwise mentioned all over the news because they discovered the problems and reported them to Microsoft. One […]

Will we ever see something like the Sasser worm for the Macintosh or Linux? Its an interesting question, and not just for academic reasons. Undoubtedly, many people who choose these platforms do so because they think it immunizes them from the sorts of attacks Windows users must deal with. This past week saw the announcement […]

SMTP authentication is coming. But in what form? There is a broad consensus among experts that SMTP authentication, by which Internet mail servers will be able to confirm that messages sent to them come from the domains from which they purport to come, will help to fight spam. Nobody thinks its the cure for spam, […]

A new worm has been detected by the virus research community that spreads through the LSASS vulnerability in various versions of Windows. Researchers and security companies are alarmed and have assigned an elevated threat level to the worm—named Sasser.A—even though it has not yet spread far. Unlike the Gaobot variant found several days ago that […]

Nobody really knows where worm authors go shopping for exploits to develop, but its widely assumed that they are greatly assisted by exploit code released by legitimate researchers. Go look at most vulnerability reports, and youll see references to where exploit code may be obtained. Why would a “legitimate” researcher do such a thing? If […]

Microsoft Corp. has confirmed in a knowledge base article that its patch for a critical bug can cause some Windows 2000 systems to lock up and fail at boot time. The patch is for a particularly critical vulnerability of which experts have begun to see exploits in the last few days. The knowledge base article […]

An exploit has begun circulating for another of the vulnerabilities in Windows revealed by Microsoft Corp. earlier this month. The vulnerability, a buffer overrun in the Local Security Authority Subsystem Service (LSASS), was patched as part of a large, cumulative update coded MS04-011. The exploit takes the form of a new variant of the Gaobot […]

A disturbing pattern is emerging from the last couple of months worth of Microsoft security patches: Some of the critical vulnerabilities fixed had been reported to the company quite some time before, 200 days before the patch in one case. I spoke with Firas Raouf, chief operating officer of eEye Digital Security, a vulnerability management […]