Archive for the ‘Vulnerability’ Category

Intel Centrino Vulnerability Patch Now Available

Wednesday, August 23rd, 2006

You might want to take a look at this one just in case you are one of the many people running around with an Intel Centrino powered notebook.

Intel has released driver security updates for Centrino device drivers for Windows and for the PROSet management software.
http://support.intel.com/support/wireless/wlan/sb/CS-023068.htm

There are three issues identified:
Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution
http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm
Intel® PROSet/Wireless Software Local Information Disclosure
http://support.intel.com/support/wireless/wlan/sb/CS-023066.htm
Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation
http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm

The first and the third seem to be the most severe. At this point we don’t know of any public exploits for these vulnerabilities. The second one (PROSet info disclosure) has been around for a while and is known, but it is local only.


Microsoft Disputes PowerPoint Flaw Claim

Wednesday, August 23rd, 2006

Microsoft is disputing claims of a zero-day flaw in its PowerPoint application that could allow remote code execution.

“Microsoft’s initial investigation has revealed that this is not a new zero-day vulnerability,” says a Microsoft spokesman. “Microsoft is actively working in conjunction with MSRA partners to verify those findings and will provide additional information and customer guidance once the investigation is complete.”

However, the flaw, whether zero-day or otherwise, appears to be the target of a Trojan.


Microsoft IE Patch Injects New Flaw; Fix Delayed

Wednesday, August 23rd, 2006

eEye Digital Security uncovered a new security vulnerability in IE 6.0 Service Pack 1 when it began investigating reports that IE patched with the latest cumulative fix was crashing when browsing some Web sites. The group found that the patch, issued Aug. 8, was the source of a new security flaw that allows an attacker to run code with the same permissions as the logged-on user.

Microsoft privately issued a patch for the newly introduced flaw on Aug. 11 and had planned to release the patch for general distribution today. The updated advisory and patch will be available here, likely next week, researchers say.

“Due to an issue discovered in final testing that impacts a customer’s ability to broadly deploy the update, Microsoft will not be re-releasing MS06-042 today,” says a Microsoft spokesman. “Microsoft will re-release the update for those customers running Internet Explorer 6 Service Pack 1 when that issue is resolved.”
