Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
Microsoft's May crop of security updates includes a fix for the DNS Server service, three for Office (including Office 2004 for Mac), and one each for Internet Explorer, Exchange, and CAPICOM/BizTalk. All are described as being of 'critical' severity.
The DNS vulnerability - which is only present in Windows 2000 Server and Windows Server 2003 - is rated Critical on installations running the DNS Server service, such as Small Business Server. A stack overflow condition can be exploited by an attacker to take control of the system. There have been attempts to take advantage of this issue.
The Office patches cover Office 2000, Office XP and Office 2007, as well as Office 2004 for Mac. The most widespread vulnerability allows a maliciously crafted drawing object to trigger the execution of arbitrary code. Excel-specific fixes address various ways in which information in an Excel file can be malformed to cause arbitrary code execution
The Word update (not relevant to Word 2007) is interesting as it includes protection against maliciously-crafted RTF files, a format generally regarded as 'safe'. It also covers vulnerabilities in the handling of malformed Word Arrays and Word Document Streams. All three allow the execution of arbitrary code.
The patches for Internet Explorer are needed for versions 5, 6 and 7, including Itanium and x64 versions. They protect against five vulnerabilities, any of which can allow a successful attacker to take complete control of the system.
The Exchange Server 2000/2003/2007 update addresses four vulnerabilities (two allowing a denial of service attack, one allowing the disclosure of information, and one allowing a complete takeover of the server) and replaces two previous bulletins of Exchange 2000 and 2003. At least one of the flaws could be exploited simply by sending a specially-crafted email to the server.
The CAPICOM (Cryptographic API Component Object Model) update is also relevant to BizTalk Server 2004 but not 2000, 2002 or 2006. A successful exploit give the attacker complete control over the system.
Microsoft recommends that all these updates should be applied immediately.
The company has also released new versions of the Malicious Software Removal Tool plus several non-security high-priority updates including an update for the Outlook junk mail filter, a PowerPoint update allowing administrators to restrict the presentation types that can be opened, and a "reliability update" for Windows XP.
David Bass
| For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
