Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
IE6 more vulnerable to unpatched Microsoft flaw, Symantec says
The problem is within the Snapshot Viewer ActiveX control
August 4, 2008 12:00 PM ETIDG News Service - A vulnerability in as-yet-unpatched Microsoft Corp. software poses a more severe threat to Internet Explorer 6 users than it does to those using a newer version of the browser, security vendor Symantec Corp. has warned.
The flaw in Microsoft's Access database software came to light just as Microsoft issued its patches for the month on July 8. The problem is within the Snapshot Viewer ActiveX control, which allows someone to see an Access report without launching the software.
Attackers are actively exploiting the vulnerability by either creating Web pages or hacking existing Web pages to host attacks. The hackers lure people to the pages through spam or instant messages.
IE7 will prompt users before downloading a particular ActiveX control for the first time. But IE 6 will automatically download the control, since it is digitally signed by Microsoft, Symantec said in its advisory. Once the ActiveX control is downloaded, the flaw can allow an attacker to take over a PC.
Symantec advises administrators to set three "kill bits" for the ActiveX control. A kill bit is a Microsoft work-around for preventing an ActiveX control from running in Internet Explorer.
Microsoft has so far not said when it plans to release a fix. The company's next round of patches is scheduled to be released Aug. 12.
Symantec said last month that crimeware authors had included an exploit for the Snapshot viewer vulnerability in Neosploit, a tool kit that lets hackers run a handful of exploits on a PC to see if it has an unpatched vulnerability.
However, last week it appeared the cybercriminals who created Neosploit had stopped selling it, perhaps because it's price -- ranging up to $3,000 -- was too high, and demand was declining.
Reprinted with permission from
IDG.netStory copyright 2009 International Data Group. All rights reserved.
Symantec
Additional Resources
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Computerworld Reports
Sign up to receive updates on the latest Security resources
