Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software.
Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.
Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.
Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.
The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.
“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.
This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise Windows systems.”
After seeing the Internet Explorer flaw used in a growing number of online attacks, Microsoft rushed out an emergency patch for the issue last Wednesday. The company says it has also seen “limited and targeted attacks” exploiting a serious bug in the WordPad Text Converter for Word 97 files. As with the SQL bug, this WordPad converter vulnerability has not been patched, but is a prime candidate to be fixed in Microsoft’s upcoming January 13 security updates.
Google has taken the aggressive step of advising some of the people using its Gmail webmail to use Chrome or Firefox rather than Internet Explorer.
When users log into their Gmail using Internet Explorer a red text link appears at the top right of the page saying ‘get faster Google Mail.’
If you click on the link then you are taken through to a Google answers page that suggests that you should use a faster browser.
The suggestions it makes are Google’s own Chrome browser or Firefox 3.0.
We suggest you upgrade
“Browsers are getting faster and better at running web applications like Google Mail that use browser technology to its limits. In order to get the best Google Mail experience possible, we suggest that you upgrade your browser to one of the fastest Google Mail supported browsers that work on Windows,” reads the text.
There is a proviso that IE8 is being worked on: ‘Note: A faster version of Internet Explorer, IE8, is in development and available in a beta release.’
Although not all users appear to be affected in our early investigation, at first glance it is a particularly aggressive approach from Google.
To actively push two browsers over the currently dominant Internet Explorer is far from the normal Google softly, softly approach – especially in a week where Internet Explorer has been beset by news of a major security problem.
It seems, however, that Google is only pushing users to the other browsers if they are currently using Internet Explorer 7. Those that are using Internet Explorer 6 are told to upgrade to either Chrome, Firefox or Internet Explorer 7 for a faster Google service.
Whether this is a silly oversight on Google’s part or an active push away from Internet Explorer by the search kings remains to be seen.
What is certain is that Google is sending out mixed messages to its users, depending on what version of browser they are using.
Google has launched an effort to make it possible for developers to offer ad-blocking and other extensions for Chrome, a move that would give the Google Web browser the same level of customization as Mozilla Firefox.
The ability to install third-party applications that add capabilities chosen by users, but not provided by Mozilla, is a key reason for the open source browser’s popularity. Google is apparently borrowing from that playbook in proposing the extension system to Chromium, the open source project behind the development of Chrome.
Google’s proposal was introduced over the weekend in a blog post from Aaron Boodman, a Google programmer working on Chrome. The design document outlines areas that would have to be addressed, such as application programming interfaces to connect extensions to the Chrome engine.
Under the heading “use cases,” Google lists some types of extensions that the company would like to support in Chrome, such as ad and flash blockers. Google makes its money from selling Web advertising but has decided not to ignore two of the most popular Firefox extensions. Other third-party apps Google says it would support include bookmarking/navigation tools, download helpers, and privacy and parental controls.
Having an add-on system for Chrome tops users’ wish list. “If I can’t even add a third-party extension, this browser won’t stay long on my computer,” one person wrote on the Chromium forum.
Google did not set a timetable for releasing an extension system for Chrome, but the design documentation for Chromium developers indicates the search engine has already started to work on the technology.
Google designed Chrome to be lightweight and fast, to have a minimalist user interface, and to resist crashing under heavy JavaScript demands of Web applications. While a reviewer for InformationWeek believes Google has largely met its goal, not having an extension system gives rival Firefox the upper hand. Microsoft also doesn’t provide an open extension system for Internet Explorer.
Extensions give users more choices in customizing the browser to meet their needs, while relieving the browser maker from having to add a lot of features that can hinder performance. Internet Explorer accounts for more than 70% of the browser market, followed by Firefox with almost 20%. Chrome, which is in beta, has less than 1%.