Today's bug patches and security alerts:
EEye publishes fix for Windows zero-day vulnerability
With online criminals exploiting an unpatched flaw in Windows, security vendor eEye Digital Security has come forward with an unofficial fix for the problem. The unofficial temporary patch, published early Friday, fixes a bug in the way Windows processes Animated Cursor files, which are used to create cartoon-like cursors in Windows. Security researchers at McAfee Inc. first reported the bug on Wednesday evening, saying that it has been used in Web-based attacks. IDG News Service, 03/30/07.
With attacks increasing Windows patch coming early
Microsoft has decided to rush out a fix for a flaw in its Windows operating system, saying that the problem has become too serious to ignore. IDG News Service, 04/02/07
Get the unofficial patch from EEye
New software has been published on the Internet that could be used to exploit a known flaw in Internet Explorer. The code, which was posted Monday to the Milw0rm.com Web site, exploits a recently patched flaw in Microsoft Corp.'s browser. It could be used to run unauthorized software on a computer that was not updated with the latest Microsoft patches, security experts warn. IDG News Service, 03/26/07.
**********
A number of flaws, including an integer overflow that could allow attackers to run malicious code on an affected system, have been fixed in VMWare's ESX server.
**********
Two new updates from rPath:
inkscape (format string, code execution)
**********
Four new patches from Mandriva:
openoffice.org (multiple flaws)
kdelibs (information disclosure)
xmms (integer overflow, code execution)
evolution (format string, code execution)
**********
Three new fixes from Gentoo:
Ekiga (format string, code execution)
mgv (stack overflow, code execution)
**********
Today's virus and malware news:
New virus comes disguised as IE 7 download
If you receive an e-mail offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is making the rounds that comes disguised as a test version of Microsoft current Web browser. IDG News Service, 03/30/07.
**********
From the interesting reading department:
A group is spending this week releasing "new undisclosed vulnerabilities / flaws / exploitation techniques discovered in the latest versions of the Microsoft Windows Vista operating system."
Author apologizes, but fails to fix Panda worm
The accused mastermind behind the Panda Burning Incense worm has not done a very good job of making amends, according to security vendor Symantec. IDG News Service, 03/29/07.