Tuesday, July 17, 2007

Security: Critical vulnerabilities in Excel and .NET Framework

This has been one of the most critical weeks of the year, with Excel and the .NET Framework at the top of the list, as the @RISK Newsletter mentions:

The most critical vulnerabilities announced this week are in Excel and the .NET Framework. Overall, Windows had three, Office had two, and other MS products had one. Microsoft wasn't alone: Sun, Apple, Symantec, Adobe, McAfee, and Cisco also had high-risk vulnerabilities this week. Add to that the vulnerability in Progress Server, used by RSA Security and many other products, and you have a complex week for finding and mitigating vulnerabilities.

(1) CRITICAL: Microsoft Excel Multiple Vulnerabilities (MS07-036)
(2) CRITICAL: Microsoft .NET Framework Multiple Vulnerabilities (MS07-040)

Linux also faces 6 vulnerabilities, though they are not as critical:
07.29.32 - policyd W_Read Function Remote Buffer Overflow
07.29.33 - Netwin SurgeFTP Multiple Remote Vulnerabilities
07.29.34 - SquirrelMail G/PGP Encryption Plug-in Multiple Remote Command Execution Vulnerabilities
07.29.35 - IBM AIX Libodm Unspecified Buffer Overflow
07.29.36 - Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service
07.29.37 - Linux Kernel Decode_Choices Function Remote Denial of Service

It's not the time to brag about using free software, since you see that Linux is also vulnerable. But at least with a proper router that has a firewall you can use Ubuntu desktop or any Linux/*BSD distribution that is meant for desktop usage, such as PC-BSD. I won't start stating why Linux is better, because there is already a website for that matter: http://www.whylinuxisbetter.net.
