NEWS - January 10, 2006

The end of the Microsoft Support Lifecycle will now coincide with the release of Microsoft's monthly security bulletin release cycle, instead of preceding it, and Exchange Server 5.5 customers are the first to benefit from the change.

Read more in http://www.microsoft.com/presspass/features/2006/jan06/01-10Support.mspx

By Tom Espiner
Special to CNET News.com
Published: January 10, 2006, 9:51 AM PST

Security attacks over instant-messaging networks became more prevalent in 2005, according to a new study.

Microsoft's MSN network experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AOL's AIM network, according to the report, published Monday by IM security vendor FaceTime Communications.

In 2005, MSN had a 57 percent share of the attacks, AOL had 37 percent and Yahoo had 6 percent, FaceTime said in its "Impact report: Analysis of IM & P2P Threats in 2005."

While the incidence rate of attacks over IM is still low compared with e-mail-borne attacks, the rate appears to be increasing rapidly. There were 778 incidents recorded in the fourth quarter of last year compared with 59 in the first quarter, according to the report.

more here
http://news.com.com/Instant+messaging+attacks+rose+in+2005/2100-7349_3-6025226.html?tag=html.alert

By Renai LeMay, ZDNet Australia
Published on ZDNet News: January 10, 2006, 10:48 AM PT

The developers of the open-source PostgreSQL database have issued a "critical" update, urging users of the software to modify their installations immediately to protect themselves from possible exploits.

The fix--which can be downloaded from PostgreSQL's Web site--applies to the most recent version 8.1 of PostgreSQL, which was released just last November, in addition to older versions 8, 7.4 and 7.3.

"The fixes in the 8.1 and 8.0 branches are critical, especially for Windows users, and users of these branches are urged to update at their earliest opportunity," PostgreSQL project member Marc Fournier wrote in an e-mail. A message was also posted online.

Fournier said one fix repaired a denial-of-service vulnerability that could affect PostgreSQL running on Windows systems if too many connection attempts were simultaneously made to the database.

more here
http://news.zdnet.com/2100-1009_22-6025254.html?tag=zdnn.alert

By Joris Evers, CNET News.com
Published on ZDNet News: January 10, 2006, 1:07 PM PT

Microsoft on Tuesday released fixes for two "critical" security flaws, one in Windows and another in the Outlook e-mail client and Exchange mail server.

Both vulnerabilities could allow an attacker to gain complete control over vulnerable PC or server running the Microsoft software, the company said in two security bulletins, released as part of its monthly patching cycle.

The Windows problem lies in the way the software processes Web fonts and affects all current versions of the operating system. A vulnerable Windows system could be compromised if the user opened an e-mail or visited a Web site containing a malicious font, Microsoft said in security bulletin MS06-002.

more here
http://news.zdnet.com/2100-1009_22-6025413.html?tag=zdnn.alert

By Joris Evers, CNET News.com
Published on ZDNet News: January 10, 2006, 5:37 PM PT

While fans checked out the latest and greatest at Macworld on Tuesday, Apple Computer sent out a warning about serious security flaws in QuickTime.

The vulnerabilities in the media player put computers running Windows and Mac OS X at risk of being commandeered by an outsider, Apple said on its Web site. An attacker could exploit the flaws by tricking the user into opening a malicious file, the Cupertino, Calif.-based company said.

Apple released QuickTime 7.0.4 to address the vulnerabilities. The French Security Incident Response Team, a commercial security monitoring and research outfit, described the problems as "critical," its highest risk rating.

The Tuesday alert follows an October security update for the same software. Security experts have warned of unpatched flaws in QuickTime as well as iTunes software. Apple typically does not comment on unpatched flaws.

more here
http://news.zdnet.com/2100-1009_22-6025626.html?tag=zdnn.alert