security bulletins

Discussion in 'other security issues & news' started by Rita, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. Rita

    Rita Infrequent Poster

    Jun 28, 2004
    wilds of wv
    Microsoft said on its TechNet site that it expects to issue 13 security bulletins Tuesday, some of them for critical security holes in Windows Media Player, MSN Messenger, Microsoft Office and Visual Studio.

    The software giant won't reveal full details of vulnerabilities to be patched until Tuesday afternoon. But Thursday it revealed that its patch release will address:

    "Moderate" security holes affecting SharePoint Services and Office;
    "Important" vulnerabilities in the .NET Framework;
    One or more "critical" vulnerabilities affecting Microsoft Office and Visual Studio; and
    One or more "critical" flaws in Windows, Windows Media Player and MSN Messenger.
    Several media reports in the past month have mentioned vulnerabilities in Media Player. And Thursday several antivirus firms reported the appearance of two pieces of malicious code targeting MSN Messenger.

    PandaLabs of Glendale, Calif., was among those issuing an alert for Bropia-E and Gaobot-CTX, which displays a photo of a roast chicken with a bikini tan in its messages.

    Bropia-E uses MSN Messenger to spread, disguising itself as an image file with a variable name "taken from a long list of options and a .pif or .scr extension," PandaLabs said. Examples include "bedroom-thongs.pif," "LMAO.pif" or "LOL.scr."

    If the user runs the file, the sinister code sends itself out to all the contacts in MSN Messenger and creates various files on the computer, including one called "winhost.exe," which contains Gaobot-CTX.

    Gaobot-CTX carries out the actions that pose the biggest threat to the computer, connecting to IRC channels and waiting for commands from a remote user, PandaLabs said. This allows the attacker to download "all kinds of files to the affected computer: spyware, adware, other viruses, etc."
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.