Virtualization Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO ERP
 CIO Enterprise Applications
 CIO Strategy & Innovation
 CIO Project Management
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Secrets of Successful Vendor Contract Negotiations for the Mid-Market

Sept. 10, 2009, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

On this free public Council teleconference, Matthew A. Karlyn, attorney at Foley & Lardner in Boston, will share tips on negotiating tactics and new, creative contract terms to help mid-market CIOs make better deals.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News
 

Microsoft Confirms Newest IE Bug Went Unpatched

Microsoft confirms that a new IE bug was not fixed by Tuesday's record-setting security update, which included four "critical" patches for IE.

 

By Gregg Keizer

December 11, 2008Computerworld

Microsoft today said it's investigating reports of a new unpatched vulnerability in Internet Explorer (IE) that did not get patched in the massive update on Dec. 9.

Other researchers, meanwhile, said that the timing of the attacks, which have already started, was not coincidental.

"The updates Microsoft released yesterday do not address this possible vulnerability," a Microsoft spokesman said today in an e-mail reply to questions, "but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer."

Exploit code, which first surfaced in China, is actively seeking out victims, according to security researchers there and in the U.S. Those researchers have found attack code on multiple malicious domains and servers. Elsewhere today, an exploit was posted to the milw0rm.com site, a popular destination for public posting.

Symantec Corp. echoed Microsoft today, confirming that the flaw was not fixed by Tuesday's record-setting update, which included four patches, all judged "critical," for IE.

"The attack works successfully against a fully patched Windows XP SP3 with Internet Explorer 7, including all recent Microsoft Tuesday patches," said Symantec researcher Elia Florio in an entry to the company's vulnerability blog. "Also, Internet Explorer 6 could potentially be affected by the same problem and is therefore only temporarily immune to this initial exploit, which seems to target Internet Explorer 7 on Windows XP and 2003 systems."

There is some minor disagreement among researchers about the underlying bug. HD Moore, a noted vulnerability researcher and the labs director at BreakingPoint Systems, a Texas-based network test company, said his analysis points to a flaw in how IE handles the HTML "span" tag.

Others, however, said that the vulnerability is broader than that. "It's a problem in the .dll that handles the rendering of multiple types of HTML content in IE," said Ben Greenbaum, a senior manager in Symantec's security response group. "But the bug is triggered by the span tag, so it would be accurate to say it's a combination of both of those sources."

Greenbaum said Symantec has monitored attacks, but downplayed the threat for now. "Even in those regions [China and Asia], we're not seeing very high amounts of attacks," he said. "And in our own lab tests, the exploit is not successful against every machine. It's not all that reliable."

He guessed that the current attack code works, at best, a third of the time, but is most likely even less reliable than that. "Only a small portion of these attacks will be successful."

 
 
Loading...
TOOLS
CONNECTIONS
Microsoft
Symantec
 
WHITE PAPERS

VMware vSphere (TM) and Intel (R) Xeon (R) Processor 5500 Series

The VMware vSphere (TM) and Intel Xeon processor 5500 series provides the ROI needed to succeed in an on-demand business environment.
 

Faster, Easier, more Effective IT Infrastructure

Business continuity with low administration and maintenance costs. Can you make it happen? This Oracle business brief explains how mid-sized can improve performance by creating an IT infrastructure that makes working faster, easier and more effective.
 

ERP at the Speed of Light

Without the right strategy and tools, implementation acceleration carries the risk of abbreviated end user training and change management, over-engineering of business processes, and other problems that can lead to higher over-all cost of ownership and the erosion of business benefit.
 

a Reliable and Powerful, and Affordable IT Infrastructure

This whitepaper provides an overview of the challenges midsize organizations face, and how Oracle products can help them overcome those hurdles.
 

5 Tips for Data Loss Prevention Solutions

RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business.
 

Communications Transformation Platform

The Communications Transformation Platform enables you to provide the services your customers demand - faster, cheaper and with less risk.
 

WEBCASTS

Managing Client Systems in the Enterprise

Keeping client systems costs under control is just one of the many initiatives IT must address when trying to manag...
 

Webcast with Dan Vesset: Investing in Business Analytics Technology

What exactly is business analytics and why should you care? Dan Vesset of IDC and Gaurav Verma of SAS answer this a...
 

Capitalize on Your SAP Content

After 18 years of partnership and over 3,000 successful customer deployments, Open Text has become SAP's premier pa...
 

Enterprise Cloud Computing: Ready for Primetime?

The progression toward enterprise cloud computing is happening today, as industry leaders deploy technologies that ...
 

Preparing Your Business Services for the Future

Would you trust your network monitoring tools enough to know when something is truly halting a business service? Wh...
 

Enterprise System Management Challenges in Big Organizations with Eli Almog

In this Podcast with Eli Almog, Corporate Architect in BMC's CTO Office, discusses how IT managers can know when it...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Maximizing the Business Value of the PC Infrastructure

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

Stop Application Fraud at the Source with Device Reputation

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Automating the Generation and Secure Distribution of Excel Reports

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

Introducing the new HP ProLiant G6 server family

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Seven Ways ITIL Can Help You in an Economic Downturn

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

White Paper: 8 Key Ingredients to Building an Internal Cloud

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Gartner Shares Predictions for 2009

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...