RSA's Coviello: Let's cook up a thinking security defense system   08 Apr 2008 15:00 GMT
RSA president Arthur Coviello Jr. says security is hampering innovation and that shouldn't happen. The fix: Security pros need to think different and that means cooking up technology that acts as information security immune system. Coviello, who delivered his keynote at the RSA conference in San Francisco,...
Source: ZDNet

RSA: Researcher: Web page can take over your router   08 Apr 2008 13:00 GMT
At the RSA Conference in San Francisco, Dan Kaminsky will demonstrate how a Web-based attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link.

Source: Computerworld

Microsoft patches critical top-to-bottom bugs in Windows   08 Apr 2008 13:00 GMT
Microsoft released eight security updates today, more than half of them marked "critical," that fixed 10 bugs in Windows, Office and Internet Explorer.

Source: Computerworld

Microsoft calls for talks on Internet trust, safety   08 Apr 2008 13:00 GMT
In an initiative dubbed dubbed "End to End Trust," Microsoft is calling for broad discussions about the safety of the Internet.

Source: Computerworld

RSA: IBM's project Phantom to lock down virtual machines   08 Apr 2008 13:00 GMT
The software is essentially an intrusion-prevention system that sits at the hypervisor level -- but it's a research project with no specific timeframe for availability.

Source: Computerworld

MS08-025 – Important: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Important - This important security update resolves a privately reported vulnerability in the Windows kernel. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Source: TechNet

MS08-024 - Critical: Cumulative Security Update for Internet Explorer (947864)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS08-023 - Critical: Security Update of ActiveX Kill Bits (948881)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS08-022 – Critical: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Source: TechNet

MS08-021 – Critical: Vulnerability in GDI Could Allow Remote Code Execution (948590)   08 Apr 2008 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Source: TechNet