Vole holds fire on core flaw

Wait until patch Tuesday

By Nick Farrell

Tue Nov 07 2006, 09:26

MICRSOFT'S DEDICATION to releasing its patches once a month might cost more than a few users control of their computers.

Security boffins have discovered an "extremely critical" vulnerability has been discovered in Microsoft's XML Core Services.

Secunia says the flaw, which only hurts those who use Internet Exploder, is caused by an error in the XMLHTTP 4.0 ActiveX Control.

ISS X-Force says the flaw could lead to loss of confidential information, disruption of business, or further compromise.

According tonews.com, the Vole has admitted that the bug is being exploited by hackers, but it does not seem to be rushing to fix the flaw before its normal run of bug releases on November 14.

A spokesVole said that Microsoft will determine, based on "customer needs" whether to release a patch during the company's monthly release process or an out-of-cycle security update.

In other words, if enough Volish punters find their machines compromised, Microsoft will release a patch. If not, world plus dog will have to wait until November 14. µ

L'INQ
News.com

McAfee admits to flaws in its Saas Total Protection Allows execute code control and spam distribution Thursday, 19 January 2012, 12:18 PM Read more	DHS assessed Anonymous threat to industrial control systems Limited attack possibility but significant learning potential Monday, 17 October 2011, 13:53 PM Read more
Steve Jobs 1955 - 2011 The man who changed the consumer IT, movie and music industries forever Thursday, 6 October 2011, 12:43 PM Read more	Microsoft and Mozilla ban Dutch government root certificate PKIoverheid is no more Wednesday, 7 September 2011, 14:35 PM Read more
McAfee warns of security holes in car computer systems Safety of drivers is threatened by car hacking Wednesday, 7 September 2011, 13:21 PM Read more	Oracle readies a patch monster Clear your security schedule for Tuesday Friday, 15 July 2011, 15:05 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

MMO Gaming - Flash Develop

Flash Developer - MMO Socia...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Vole holds fire on core flaw

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review

Databases

Network management

Security

Service oriented architecture

Storage

MMO Gaming - Flash Develop

Flash Developer - MMO Socia...

Read more