Virtualization Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives

Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)

Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.

Webcast: Collaboration Initiatives: Benchmarks & Best Practices

Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)

Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.

Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices

This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
News
 

Microsoft Confirms Newest IE Bug Went Unpatched

Microsoft confirms that a new IE bug was not fixed by Tuesday's record-setting security update, which included four "critical" patches for IE.

 

By Gregg Keizer

December 11, 2008Computerworld

Microsoft today said it's investigating reports of a new unpatched vulnerability in Internet Explorer (IE) that did not get patched in the massive update on Dec. 9.

Other researchers, meanwhile, said that the timing of the attacks, which have already started, was not coincidental.

"The updates Microsoft released yesterday do not address this possible vulnerability," a Microsoft spokesman said today in an e-mail reply to questions, "but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer."

Exploit code, which first surfaced in China, is actively seeking out victims, according to security researchers there and in the U.S. Those researchers have found attack code on multiple malicious domains and servers. Elsewhere today, an exploit was posted to the milw0rm.com site, a popular destination for public posting.

Symantec Corp. echoed Microsoft today, confirming that the flaw was not fixed by Tuesday's record-setting update, which included four patches, all judged "critical," for IE.

"The attack works successfully against a fully patched Windows XP SP3 with Internet Explorer 7, including all recent Microsoft Tuesday patches," said Symantec researcher Elia Florio in an entry to the company's vulnerability blog. "Also, Internet Explorer 6 could potentially be affected by the same problem and is therefore only temporarily immune to this initial exploit, which seems to target Internet Explorer 7 on Windows XP and 2003 systems."

There is some minor disagreement among researchers about the underlying bug. HD Moore, a noted vulnerability researcher and the labs director at BreakingPoint Systems, a Texas-based network test company, said his analysis points to a flaw in how IE handles the HTML "span" tag.

Others, however, said that the vulnerability is broader than that. "It's a problem in the .dll that handles the rendering of multiple types of HTML content in IE," said Ben Greenbaum, a senior manager in Symantec's security response group. "But the bug is triggered by the span tag, so it would be accurate to say it's a combination of both of those sources."

Greenbaum said Symantec has monitored attacks, but downplayed the threat for now. "Even in those regions [China and Asia], we're not seeing very high amounts of attacks," he said. "And in our own lab tests, the exploit is not successful against every machine. It's not all that reliable."

He guessed that the current attack code works, at best, a third of the time, but is most likely even less reliable than that. "Only a small portion of these attacks will be successful."

 
 
Loading...
 
WHITE PAPERS

2009 Gartner Magic Quadrant Report

In this report, Gartner helps organizations interested in WAN Optimization Controller capabilities truly understand their options.
 

Executive Dashboards: An Evolutionary Approach

Learn how flexible, easy-to-use executive dashboards can help your business.
 

Making Your People Productive Anywhere

In this eBook, you'll learn how the Windows Optimized Desktop solution reconciles those goals.
 

Exchange 2007 Risks and Mitigation Strategies

This whitepaper will review the strengths of Exchange 2007 and areas where CIOs should consider third party solutions.
 

Solving On-premise Email Challenges

This white paper presents ten on-premise challenges and their on-demand services solutions.
 

A Comparative Cost Analysis of Email Environments

This Forrester report will help you evaluate the full cost of your email environment and it will explore the benefits of cloud-based technologies.
 

WEBCASTS

An Open Framework for Business Intelligence

Architecting Business Intelligence Applications for Change
 

Email and Web Threats Require a Layered Defense

Can you trust the cloud to secure your enterprise from email and Web threats? This Webcast discusses how web threat...
 

Smart techniques for application security: whitebox + blackbox security testing.

Whitebox & blackbox application security testing are two approaches for detecting vulnerabilities in Web-based and ...
 

Lower the Cost and Complexity of a Mobile Workforce through Automation

Lower the Cost and Complexity of a Mobile Workforce
 

Extending Client Refresh - 11 Steps to Maximize Savings

11 Steps to Maximize Savings
 

Profit from Power Savings

Cut Costs & Green Your IT Operations with PC Power Management

Find out how and why 400 organizations have d...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

eBook: How Can You Make Your People Productive Anywhere?

Return on Information: Google Enterprise Search pays you back

Cut Costs & Green Your IT Operations with PC Power Management

White Paper: 4 Customer Service Myths

White Paper: Managed Security for a Not-So-Secure World

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

Seven Design Requirements for Web 2.0 Threat Protection

Increase UPS efficiency without sacrificing protection.

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

AT&T Synaptic Storage as a Service. Expand on demand

Trend Micro ranked #1 against real-world malware. Read more.

Webinar: Jump-start your in-house e-discovery with Ringtail QuickCull from FTI Technology

Streamline IT Costs. Boost Performance with WAN Optimization.

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

See how AT&T can help protect your network.

Webcast: Unleashing the Power of Customer Data

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Keeping Your Members Safe from Online Scams and Predators

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Cloud-Based Email Management: Opinion Shifts In Favor

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Return on Information: Google Enterprise Search pays you back. Get the facts.

VMware. The source for Business Infrastructure Virtualization.

ShoreTel tells businesses to untangle from competitors' complexity and turn to its brilliantly simple UC solution

Top Five CIO Challenges

Read the RSA report: Security for Business Innovation

64-page prescriptive guide to security, compliance, and IT operations.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.