Lunarsoft

A security researcher has posted code for an exploit targeting a component of Microsoft Office.

The vulnerability lies in a conversion tool used to convert Microsoft Works WPS files into Word RTF files The flaw could allow an attacker to remotely execute code on a user's system.

Microsoft repaired the vulnerability as part of its monthly security release on 12 February.

When the update was released Microsoft credited discovery of the flaw to iDefense, which in turn credited security researcher Damian Put.

Two days after the patch was released, a user by the name of 'chujwamwdupe' posted the sample exploit code to security site milw0rm.

The US Computer Emergency Response Team urged users to protect against the vulnerability by installing Microsoft's most recent security update.

Source: Vnunet 

The US presidential primaries have become the latest lure for spreading malware as attackers use 'videos' of candidates to tempt users into downloading Trojan applications.

Researchers at Symantec and McAfee reported that malware distributors are using presidential candidate Hillary Clinton as bait for a malicious file download.

Symantec warned of an attack which uses spam emails to spread a 'video' of Clinton. A file named 'mpg.exe' downloads another Trojan application which infects the user's system.

Researchers at McAfee noted a similar attack which uses links hidden inside emails again promising a video of Clinton but redirecting to a page hosted on Google ads.

Source: Vnunet

Security researchers have uncovered "critical" security flaws in a version of the Linux kernel used by a large number of popular distributions. The three bugs, which allow unauthorized access to kernel memory, exist in all versions of the Linux kernel up to 2.6.24.1, including Ubuntu, Red Hat, and others.

The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.

They could be exploited by malicious, local users to cause denial of service attacks, disclose potentially sensitive information, or gain "root" privileges, according to security experts.

The bug affects all versions of the Linux kernel up to version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian and others are affected.

Source: InfoWorld

Microsoft Corp. announced the departure of several executives Thursday, among them a Silicon Valley veteran recruited to help fix its unprofitable Web business and one in charge of marketing Windows Vista, and the promotion of more than a dozen others across the company.

The changes come just two weeks after Microsoft offered to buy Web portal and search competitor Yahoo Inc. for more than $40 billion, a move industry watchers broadly see as an admission that Microsoft's own Web strategy had failed.

If the proposed Yahoo takeover is completed, Microsoft is expected to make more radical changes as it blends the two companies into a more formidable challenger to Google Inc., the dominant player in the lucrative Internet search and advertising markets.

Microsoft spokesman Lou Gellos said Thursday's announcement is unrelated to the Yahoo negotiations.

Source: Yahoo News