Security News for December 12, 2007

Here are some Windows security news items, as well as some Patch Tuesday information.

From: The Register
Hey, HP laptop owners: click here to get hijacked

If you use a Hewlett-Packard laptop, chances are a hacker can hijack your machine simply by luring you to a malicious website.

The pwnage comes courtesy of “HP Info Center”, which comes installed on most HP laptops, according to a post made Tuesday to Milw0rm.com.

From: Infoworld
DNS attack could signal Phishing 2.0

Only recently have hackers lined up the technology and technique to reap open-recursive DNS servers’ weaknesses. Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.

From: TrendLabs Malware Blog
Patch Tuesday, December Edition

Just in time for the holidays, Microsoft has released seven (and hopefully last) security bulletins for this year.

From: Microsoft
Microsoft Security Bulletin MS07-064 – Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

From: WSJ
A Spam-Filled Holiday Season

If you’ve been getting a lot of emails offering a deal on a Rolex, here’s why: Spam emails accounted for 72% of all email traffic last month, the highest rate in years.