Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
If the rampant public hacking wasn't enough to convince many that 2011 was pulled from the 1990s, Microsoft on Tuesday said it moved to fix a "ping of death" bug considered largely extinct for the last decade.
The "ping of death" was a malformed packet sent to a variety of operating systems, routers or printers that could crash the target.
The vulnerability detailed as "important" in CVE-2011-1871 allowed attackers to trigger a remote reboot in Windows machines.
"A denial of service vulnerability exists in the Windows TCP/IP stack that is caused when the TCP/IP stack improperly handles a sequence of specially crafted ICMP messages," Microsoft explained.
"An attacker who successfully exploited this vulnerability could cause the target system to stop responding and automatically restart."
The local Windows firewall would not stop the attack.
The update MS11-057 for Internet Explorer fixed five private and two publicly disclosed vulnerabilities. The most severe allowed remote code execution if a user viewed a specially crafted webpage using Internet Explorer.
MS11-058 resolved two privately reported vulnerabilities in Windows DNS server.
The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk, the report said.
Further details on the fixes will be discussed on a webcast at 4am tomorrow.
- With Greg Masters, SC Magazine US.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.