Ryan Naraine

Exploit code for a malicious worm capable of wreaking havoc through Oracle databases has been tweaked and published, prompting a new round of warnings that an actual attack is inevitable. Two months after an anonymous researcher released the first public example of an Oracle database worm, the code has been advanced and republished on the […]

Microsoft Corp.s fix for the Windows Metafile vulnerability will be shipped Thursday as a critical, out-of-cycle update. Reversing an earlier decision to release the patch on Jan. 10., the software maker announced that strong customer demand for an emergency update triggered the shift in plans. The fixes have been included in the MS06-001 bulletin and […]

At exactly 00:00 hours GMT on Thursday (7 p.m. in New York, 4 p.m. in California), computers already infected with the Sober worm will start connecting to a known list of URLs to download a new mutant. Because this is known, the pre-programmed attack may not happen at all. However, anti-virus experts have issued a […]

An unpatched security vulnerability in Research in Motion Ltd.s BlackBerry Enterprise Server could put millions of business users at risk of denial-of-service attacks, the company acknowledged Tuesday. In an advisory, RIM warned that a corrupt TIFF (Tagged Image File Format) attachment could be used in an attack that would stop a user from being able […]

Another unofficial patch for the Windows Metafile flaw is making the rounds. Security vendor ESET, makers of the NOD32 anti-virus program, on Wednesday shipped an interim patch for the bug, almost a week before Microsoft Corp. is scheduled to release a properly tested security update. Rick Moy, vice president of marketing and sales for ESET […]

A cryptographically signed version of Microsoft Corp.s patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the companys round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused “a fast-track, pre-release version of the update” to […]

Microsoft Corp. has slapped a buyer beware tag on a third-party patch for the zero-day Windows Metafile flaw and promised that its own properly tested update will almost certainly ship Jan. 10. The companys latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got rare blessings from experts at the SANS […]

Adobe Systems Inc. wants you to know when your PDF documents are being tracked. The companys Acrobat and Reader software products have been updated to give users a pop-up warning when a document that is tagged for tracking attempts to make a connection to a Web service. Adobe Director of Security Solutions John Landwehr confirmed […]

Virtual infrastructure software maker VMWare Inc. has rushed out fixes for a “very serious” security flaw that put users of its product line at risk of code execution attacks. The vulnerability, which affects both Windows and Linux systems, affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1 and the free VMware Player 1.0. […]

Microsoft Corp. has shipped an update to Software Update Services 1.0 to correct a Patch Day glitch that caused some previously approved security updates to show up as “unapproved.” The SUS 1.0 Service Pack 1 update comes in the form of a script that resets the approval settings. It is only applicable for SUS 1.0 […]