Network Computing is part of the Informa Tech Division of Informa PLC
Security Threat Watch Update
Compliments of today's Security Threat Watch newsletter:
There have been a number of interesting vulnerabilities this week.
Microsoft released a patch for a vulnerability in JPEG graphic parsing
in various GDI libraries. Part of the problem with this bug is that
various applications are supposed to ship their own versions of the GDI
libraries, which means you literally have to search your file system for
vulnerable files to update. Then there is the issue of whether the
third-party application will even function correctly with the newer GDI
Multiple vulnerabilities have been found in the Mozilla application
suite (Mozilla, Firefox and Thunderbird). Some of these bugs have been
reported before, but we thought we'd re-report the collected advisory.
Lastly, Corsaire released a large number of advisories relating to the
improper parsing of MIME documents by various products. The exact impact
is product-specific, but improper MIME parsing can be exploited directly
(buffer overflows, etc.) or indirectly (bypassing virus scanning
gateways, creating malicious attachments, etc.). The slew of advisories
are collected in this issue under a single entry with the title
"Multiple vendors: various MIME interpretation problems."
Shameless plug: This is just the introduction to a complete listing of vulnerabilities and patches organized by platform. You can get the whole kit and caboodle by signing up for this free, weekly newsletter, created by a great bunch of security wonks at Neohapsis.
Recommended For You
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.