NEWS - January 3, 2005

By Tom Espiner, ZDNet (UK)
Published on ZDNet News: January 3, 2006, 3:16 PM PT

Experts are advising corporations to use an unofficial patch to combat the latest Microsoft Windows Meta File exploit.

Antivirus vendor F-Secure and the Internet Storm Center, a volunteer security group, separately urged businesses on Tuesday to use the unofficial patch, as Microsoft has not yet offered an authorized fix for the problem.

Microsoft, though, has advised businesses not to use third-party updates, even though its own patch won't be available until next Tuesday.

The WMF vulnerability can be exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said.

Mikko Hypponen, director of antivirus research at F-Secure, said he believes corporations can trust the unofficial patch, which was created by security software developer Ilfak Guilfanov.

more here
http://news.zdnet.com/2100-1009_22-6016649.html?tag=zdnn.alert

By Alorie Gilbert, CNET News.com
Published on ZDNet News: January 3, 2006, 4:08 PM PT

Some consumers may be dismayed to find their social security numbers printed on unsolicited packages from H&R Block, the result of a recent labeling blunder at the company.

The packages, which H&R Block mailed in December, contained free copies of the company's tax preparation software, TaxCut. By mistake, some of the packages also display recipients' social security numbers, which were embedded in 47-digit tracking codes above mailing labels.

The company, based in Kansas City, Mo., informed affected customers of the error via letters sent on Dec. 22 and on its Web site. The Web site advises those affected to monitor their financial accounts and credit reports and place a fraud alert on their credit reports if they suspect identity theft.

more here
http://news.zdnet.com/2100-1009_22-6016720.html?tag=zdnn.alert

By Joris Evers, CNET News.com
Published on ZDNet News: January 3, 2006, 4:34 PM PT

serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won't deliver a fix until next week.

That could be too late, security experts said. The vulnerability, which lies in the way the operating system renders Windows Meta File images, could infect a PC if the victim simply visits a Web site that contains a malicious image file. Consumers and businesses face a serious risk until it's fixed, experts said.

"This vulnerability is rising in popularity among hackers, and it is simple to exploit," said Sam Curry, a vice president at security vendor Computer Associates International. "This has to be taken very seriously, and time is of the essence. A patch coming out as soon as possible is what the responsible thing to do."

more here
http://news.zdnet.com/2100-1009_22-6016747.html?tag=zdnn.alert

By Greg Sandoval, CNET News.com
Published on ZDNet News: January 3, 2006, 4:47 PM PT

Security company Symantec leaped into the nascent market for protecting instant messaging systems on Tuesday, announcing that it has agreed to acquire IMlogic, one of the sector's top players.

Financial terms were not released. But Carlin Wiegner, a senior director of Web security at Symantec, said in an interview with CNET News.com that the Cupertino, Calif.-based company has agreed to pay all cash for 100-employee IMlogic, and expects the deal to close later this quarter.

IMlogic, headquartered in Boston, sells the IM Manager software, which promises to safeguard public and corporate IM networks while providing companies with a means to monitor and archive IM traffic.

more here
http://news.zdnet.com/2100-1009_22-6016780.html?tag=zdnn.alert