March 12, 2009

Microsoft patch may not work

One of the patches issued by Microsoft this week does not fix one of the vulnerabilities it was meant to, according to PandaLabs. Bulletin MS09-008 was supposed to patch four flaws, but one of them -- related to Web Proxy Autodiscovery Protocol (WPAD) registration -- was not resolved, Panda said in a news release. Even with the patch, the bug is still active and can be used to launch man-in-the-middle attacks on Windows DNS servers, allowing an attacker to possibly access sensitive information, Panda said. — CAM
Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.