Microsoft released their largest ever update set this Tuesday past ( a total of 17 updates to fix 40 holes ), which included fixes for all 4 Windows holes related to the Stuxnet worm. This update set includes MS10-090 which fixes 6 CSS issues in IE which have been actively exploited over the last few weeks, as well as MS10-091 which fixes 3 issue sin the OpenType Font driver.
Google have release a Chrome 8 security update relating to 5 vulnerabilities in the browser.
A hidden user has been found in HP’s MSA2000 G3 storage array, which does not show up in the user manager. Unfortunately, this user can not be changed in anyway resulting a severe security issue … only a firmware update is likely to resolve this issue.
A root vulnerability has been found in the Exim mta application, which can be remotely exploited by attackers. By using crafted emails, the attackers were able to launch a shell and place further files on the server. Because Exim is usually set to SUID root, by using additional techniques the attackers were able to obtain root privileges.
Apparently the FBI paid some open source coders working on OpenBSD’s IPSec implementation, to implement hidden backdoors about ten years ago. This is real nasty stuff and one has to wonder what else American security departments have gotten their grubby mits on. When are the Americans going to stop this ‘we rule the world’ crap?
