Welcome to Process-info.org library
Process-info.org is an online library of Computer Operating System's Processes, which helps you to identify processes running at background of computer operating system or at remote computers on your network.
Process-info.org contains a growing database of executable processes (mostly with .EXE extension) and DLL libraries. You can search for processes through search box or navigate alphabeticaly by starting letter of process name.
It is assumed that users are familiar with computer operating system they're using and agree with suggested changes. Process-info.org will not be held responsible, if changes you make cause a system failure.
Recently added processes
Recently updated processes
Top security risk processes
The Latest News
15 latest global news related to computer security
March 8, 2014 3:08:58 AM CET
Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.
March 7, 2014 7:01:00 PM CET
Android malware detection boosted by university research – With smartphones and tablets increasingly at risk from malware, researchers from North Carolina State University have devised a new and potentially better way to detect it on Android devices.The tool they have developed, called Practical Root Exploit Containment (PREC), is trained to uncover aberrant code written in the C programming language, the language in which they say most malicious Android code is written.PREC looks for root exploits, in which a program gains system administration access rights to the entire device, which a malicious hacker can use with ill intent.The researchers detailed their work, captured in the paper "PREC: Practical Root Exploit Containment for Android Devices," at the Association for Computing Machinery's Conference on Data and Application Security and Privacy, which was held this week in San Antonio, Texas.PREC uses a well-known technique for identifying malicious code, called anomaly detection. Anomaly detection compares the expected behavior of an application with how it actually behaves when it is running on a device, in terms of the system calls it makes.PREC is unique in that it can identify calls made to native C code from a Java program, and check to see if such actions fit into the application's profile for typical usage. The bulk of software programs for Android are written in Java, which other experimental anomaly detectors have focused on."We've observed that most all of the existing exploits are coming from C code," said Helen Gu, an associate professor of computer science at NCSU who was involved in the work. "It's hard, if not impossible, to launch exploits in Java code, because it has to go through the virtual machine."With this approach, PREC has been able to reduce the number of false identifications by an order of magnitude, compared to other anomaly detectors. Focusing on native C code gives PREC a more accurate model of how attacks would differ from standard operations.The researchers tested a prototype against 150 Android apps, of which 140 were benign and 10 contained root exploits. The experiments were run on a Google Galaxy Nexus and on an emulator. PREC was able to identify all of the root exploits with a minimum number of false alarms.What the researchers hope to do is convince app stores, such as the Google Play Store, to create a database describing the typical performance characteristics of all their apps. They could use PREC to build these assessments. Then when a user downloads a new app, the Android device can also download the PREC execution profile for that application, and use that profile to monitor for any unusual activity coming from the app.While app marketplace operators such as Apple or Google already screen the apps submitted to their stores, malware programmers have learned how to bury their code within an app so it doesn't execute until after the program has been downloaded, Gu said.The researchers chose Android over Apple's iOS because the Android kernel, which is Linux, is open source, whereas Apple keeps the kernel for iOS under wraps. They built PREC as a module that can be compiled into the kernel.PREC is not the only Android malware detector based on anomaly detection that researchers have created. Crowdroid uses a crowd-sourcing model of determining routine app behavior, and Paranoid Android offloads some of the detection duties to servers.Both of those detectors require far more processing power on the portable device, compare to PREC, according to the NCSU researchers. Running PREC typically incurs about 3 percent overhead on the system, compared to the 15 to 30 percent overhead incurred by Crowdroid and Android.IBM, Google, the U.S. National Science Foundation and the U.S. Army funded the research.Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com
March 7, 2014 5:19:49 PM CET
#avastSelfie Photo Contest – Happy International Women’s Day! As we celebrate the 106th annual International Women’s Day on Saturday, March 8th, it is an occasion to thank women everywhere who trust us to protect their devices with avast! Antivirus products. To acknowledge women’s contributions to information technology, we took a closer look this week at women’s role in the IT industry, […]
March 7, 2014 5:17:00 PM CET
Encrypted communications take center stage – The first Cebit trade show in the post-Snowden era will focus on security, showing off locally developed bug-proof phones and messaging systems, as well as the ability to protect mobile devices using smartcards.The continued revelations from former U.S. government contractor Edward Snowden about National Security Agency snooping have helped security become the most important IT issue this year in Germany, relegating cloud computing to second place, according to a recent survey from local industry organization Bitkom. European security vendors see the revelations, right or wrong, as a golden opportunity to differentiate their products from competing U.S. offerings.(About 500 security companies will show off their products in Hanover next week. The line-up includes German vendors SecuSmart, Digittrade and Datev.SecuSmart's profile has been raised considerably since German Chancellor Angela Merkel started using the company's SecuSuite for BlackBerry 10 to protect her communications. The product was launched at Cebit last year and encrypts both phone calls and data communications. It uses a microSD card with 4GB of flash memory for storing encrypted documents, and a smartcard chip that performs the encryption.This year the company will announce a complete portfolio of anti-eavesdropping products, including the SecuGate LV telephony system and SecuBridge for secure telephone conferencing.Alternatives to messaging apps such as WhatsApp will also be on display at Cebit. In the aftermath of Facebook's acquisition of the company Thilo Weichert, data protection commissioner in the German state of Schleswig-Holstein, said users should switch to a more secure messaging service.Digittrade is premiering the Chiffry smartphone app, which has encrypted messaging and telephony.Just like Motorola boasts that the Moto X is made in the U.S. and Apple stamps "designed in California" on its products, SecuSmart and Digittrade are eager to tell users their products are from Germany."Made in Germany is a seal of quality which is gaining great popularity in foreign countries at the moment. IT-security solutions from Germany are in demand worldwide" a spokeswoman for SecuSmart said via email.To what extent this will be a successful tactic remains to be seen, but Steve Blood, a vice president at Gartner who focuses on VoIP, unified communications and collaboration, isn't convinced it will make a big difference."I think there is a lot of FUD [fear, uncertainty and doubt] related to this," Blood said.However, with the growing reliance on Internet communications, there are legitimate security concerns and enterprises need to think about how to protect themselves, according to Blood."Our recommendation is that enterprises should be looking for services with integrated encryption rather than first setting up a VPN connection and then running communications inside it," Blood said.Mobile security isn't just about encryption -- access to devices and applications also need to be protected. Alternatives to traditional PIN codes have recently been getting a lot of attention, as Apple and Samsung use fingerprint recognition and LG offers knock codes, a feature lets users knock a pattern on the screen to unlock it.At Cebit, Datev will put a new spin on an old technology: the smartcard reader. Because mobile OSes are not equipped to support smartcards, the company has developed the mIDentity air card reader, which connects to smartphones and tablets using Bluetooth. Integration with Apple's iPad will be demonstrated at the show, which takes place between March 10 and March 14.Send news tips and comments to firstname.lastname@example.org
March 7, 2014 5:00:40 PM CET
Notes from the RSA Conference 2014: Coming Together and Breaking New Ground – Along with my colleagues, I was able to attend this year’s RSA Conference held at the Moscone Center in San Francisco, and the experience was definitely enlightening, especially in terms of the current state of our industry. “Security of Things” before “Internet of Things” Many new technological frontiers have emerged through the years, and with […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroNotes from the RSA Conference 2014: Coming Together and Breaking New Ground
March 7, 2014 4:09:00 PM CET
Lost in translation: the tangled tale of Mt. Gox's missing millions – Japanese authorities are trying to unravel what happened at Mt. Gox, the popular Bitcoin exchange that collapsed last week, and recent revelations are only serving to thicken the plot, not clarify it.The tale of the Tokyo-based exchange appears to be like the code its software ran on; the latter was deemed "a spaghetti mess" by a company source who spoke on condition of anonymity.Mt. Gox filed for bankruptcy protection in the Tokyo District Court on Feb. 28, saying that some 750,000 customer bitcoin and 100,000 of its own bitcoin had vanished, possibly stolen. Based on the valuation of the volatile cryptocurrency at the time of the filing, that is roughly US$474 million. An additional ¥2.8 billion (about $28 million) in cash was unaccounted for.Tokyo police are now scratching their heads. "The National Police Agency seems to lack the ability to analyze the bitcoin trading history of Mt. Gox," a government official told a source probing the investigation.Poof!What really happened? Mt. Gox has never quite escaped the adolescent image associated with its origins as a market for trading cards used in the fantasy game "Magic: The Gathering," even as it changed gears and rocketed to success as the world's largest forum for trading in bitcoin, the digital currency launched in 2009.The site had 1 million customers as of December 2013, according to a document posted on the Web that was purported to be a leaked business plan.Presiding over it all was CEO Mark Karpeles, who uses the online moniker MagicalTux. The attendant image of Karpeles as a stage magician may now inflame Mt. Gox customers who suspect their losses are due to sleight of hand, not sloppiness or outside thieves.In the weeks before it went bust, Mt. Gox suspended bitcoin withdrawals to outside wallets, blaming a bitcoin software bug known as transaction malleability and warning that it could be used for fraudulent purposes.After all, Mt. Gox had been attacked before. In June 2011, $8.75 million in bitcoin was apparently purloined by hackers using stolen passwords.In April 2013, Mt. Gox's website was coming under distributed denial-of-service (DDoS) attacks combined with frantic, frequent trades by a surge of new customers as the price of bitcoin climbed as high as $266.'People trust us with a lot of money right now'At that time, nearly a year ago, Gonzague Gay-Bouchery, Mt. Gox's head of marketing, talked with IDG News Service about the company's travails."We don't have a life, and we want to see our kids," he said. "And we want our customers to be very happy."The site choked and sputtered, unable to cope with the massive amounts of traffic. Customers became angry, leaving Mt. Gox to attempt to quell a public relations disaster and a very real threat from cyberattackers trying to manipulate bitcoin's market price. Gay-Bouchery detailed Mt. Gox's plans for a faster trading engine that would be resistant to cyberattacks."Like everything, it takes a lot of time to make something bulletproof," he said. "We cannot release something half-baked."He acknowledged that Mt. Gox was struggling to cope with new users, which numbered as many as 20,000 a day that month. The company hired more staff to more quickly complete anti-money laundering identity checks on its customers."I would really like to stress that people trust us with a lot of money right now," Gay-Bouchery said. "We want to do everything by the book. We may appear slow in many aspects, but we are taking our time to do it right."In June, Mt. Gox had cut off U.S. dollar withdrawals, prompting widespread concerns over its solvency.The following month, around July 2013, Bitcoin entrepreneur Roger Ver visited Mt. Gox's Tokyo headquarters. He published a video saying he believed the company's withdrawal problems were caused by the "traditional banking system, not because of a lack of liquidity at Mt. Gox.""The traditional banking partners that Mt. Gox needs to work with are not able to keep up with the demands of the growing bitcoin economy," Ver said at the time.But on Feb. 25, the day Mt. Gox's website went blank, Ver retracted his earlier statements in another video.In an email interview last week, Ver recalled his meeting with Mt. Gox: "I watched him [Karpeles] log into his online bank account in real time and saw the balances with my own eyes. They had a huge amount of U.S. dollar liquidity at that time."Ver doubts that transaction malleability, a long-known issue that in some cases can be exploited to make fraudulent withdrawals, was the sole cause of Mt. Gox's wipeout."The problem was clearly caused by poor code or other mismanagement at Mt. Gox," Ver said."I think there was a lack of corporate culture," said a source close to the company who observed obliviousness to major problems. "I just really don't know how they managed to stay open as long as they did."Spaghetti code"The environment was completely dysfunctional," said the company source, who worked at Mt. Gox owner Tibanne. "There was no testing or staging of code. Just development and production. It's a financial exchange and they're handling customer money. At least I would expect a workflow that encompasses these things."Mt. Gox management ignored warnings that the software platform was "a spaghetti code mess" and showed little interest in cracking down on security flaws, the source said, adding that Karpeles grew bored of run-of-the-mill business tasks."Mark loved to circumvent the (development) process because he had direct access to all the servers," the source said. "So whenever he wanted to change something he would just change it on the live side, and that was that."Karpeles could not be reached for comment. In a statement related to Mt. Gox's bankruptcy filing, the company described problems with the bug in the bitcoin system, saying, "We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures."The errors in the Mt. Gox code likely allowed for bitcoins to be slowly siphoned off the exchange over time without anyone noticing, said the source, who added that one possibility is that the site's cold storage, essentially an offline vault used by bitcoin exchanges, either did not exist or was lost."Accounts were being hacked left and right," the source said. "But victims would contact support, made to wait two weeks and nothing would happen."Mt. Gox's approach to money was equally questionable. Its account with Mizuho Bank was not segregated between customer funds and operational funds, the source said.This week, an audio recording surfaced on the Web that purports to be a conversation held in late January between Karpeles and a Mizuho Bank official, who are speaking in Japanese. After airing his concerns about bitcoin, the official repeats the bank's decision that Mt. Gox's account must be closed.Instead of becoming alarmed, Karpeles seemed more interested in his pet project to open a Bitcoin Cafe beside the company's headquarters, the source said.But soon the problems would become too large to ignore.Poker facesNeither Karpeles nor his deputy, Gonzague Gay-Bouchery, outwardly showed signs of worry just two weeks before Mt. Gox filed for bankruptcy protection, said Bruce Fenton, board member of The Bitcoin Association.In emails and phone calls, Fenton approached both men around Feb. 14 to discuss a possible investment in Mt. Gox, an effort aimed at sorting out the company's problems. Of top concern was whether Mt. Gox had its bitcoins."We asked them flat out if they had [the bitcoins]," Fenton said in a phone interview Tuesday. "Gonzague said they had them."The talks failed to progress as Mt. Gox's situation deteriorated, Fenton said.The document titled "Crisis Strategy Draft," leaked on Feb. 25, suggests that the company had lost 744,408 bitcoins and outlined an implausible plan for recovery. Many people, including Fenton, felt the document was fake.Fenton then emailed Karpeles asking about the company's bitcoin holdings. Karpeles didn't directly answer, instead saying there would be an announcement on Feb. 28, the day of its bankruptcy filing at Tokyo District Court."I just thought it [Mt. Gox] was profoundly poorly managed," Fenton said.As a small protest gathered outside the company offices and Mt. Gox suspended withdrawals, management issues couldn't be ignored anymore. As part of his final act in the Mt. Gox drama, Karpeles was bowing in ritual Japanese apology at the bankruptcy press conference."I am deeply sorry for causing trouble," he said.
March 7, 2014 3:21:00 PM CET
Criminals on Tor is the price of global liberty – Research pointing to rising criminality on Tor shows the cost of having a network that provides anonymity to whistleblowers, journalists, political dissidents and others trying to avoid government surveillance.Experts agreed on Thursday that nothing could be done to prevent cybercriminals from using Tor without raising the risk to legitimate users. Recent research by Kaspersky Lab expert Sergey Lozhkin found that "the cybercriminal element is growing" on the anonymity network.The way Tor is used by Chinese dissidents to skirt the Great Firewall and oppressive censorship is the same way criminals cloak the operators of marketplaces and forums where criminals can rent botnets for DDoS attacks or to distribute malware, buy stolen credit card numbers and launder bitcoins, the most widely used currency on the dark Web."If it were possible to stop criminals from using Tor, it would be useless," Julian Sanchez research fellow at the Cato Institute, said. "After all, the dissidents who use it to protect themselves are considered criminals by their own regimes."While the number and breadth of criminal resources is not on the same scale as the traditional Internet, Lozhkin did find 900 hidden online services and 5,500 nodes and a 1,000 exit nodes used in criminal activity.A node is any processing location on a network. It can be a computer or some other device. An exit node allows for exiting the network to a specified IP address and port combination."Like all technologies, Tor is dual use," Jerry Brito, head of the Technology Policy Program at the Mercatus Center at George Mason University, said. "Fire can be used to cook and to keep warm, but it can be used to destroy a village as well. The key is to target those who would misuse the technology, and not the technology itself."Jason Smolanoff, vice president of Stroz Friedberg, said the digital forensics firm has used sophisticated technologies and investigative techniques to identify individuals involved in computer intrusion and copyright infringement."While TOR does provide anonymity on the Internet, it is not foolproof and many cybercriminals often leave other investigative clues as to their identity and motivation, and are ultimately caught by investigators," Smolanoff said.One of the most notorious Tor marketplaces busted by U.S. authorities was Silk Road, which was shutdown last year and the creator arrested in San Francisco. Sellers primarily traded in illegal drugs with thousands of listings for marijuana LSD, heroin, cocaine, methamphetamine and ecstasy.While Silk Road-like operations should not be tolerated, shutting down or compromising Tor would have a more serious impact on society."The gamble our own government made when funding Tor was that a decentralized anonymity network resistant to state power would ultimately be enough of a net benefit to global liberty that it was worth accepting the protection it would also necessarily afford genuine bad actors," Sanchez said.Tor originated from a U.S. Navy project aimed at protecting government communications. The technology developed by the Naval Research Lab was eventually used in building the anonymity network in existence today.
March 7, 2014 2:07:00 PM CET
NSA created 'European bazaar' to spy on EU citizens, Snowden tells European Parliament – The U.S. National Security Agency (NSA) has turned the European Union into a tapping "bazaar" in order to spy on as many EU citizens as possible, NSA leaker Edward Snowden said.The NSA has been working with national security agencies in EU member states to get access to as much data of EU citizens as possible, Snowden said in a testimony sent to Members of the European Parliament (MEPs) published Friday.The European Parliament had invited Snowden to provide testimony for an inquiry into the electronic mass surveillance of EU citizens. That surveillance, often instigated by the NSA but carried out with help of EU member states, is quite extensive, he wrote.The NSA has been pressuring EU member states to change their laws to enable mass surveillance, according to Snowden. This is done through NSA's Foreign Affairs Division (FAD), he said, adding that lawyers from the NSA and GCHQ work very hard "to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers," he said.The efforts to "interpret new powers out of vague laws" is an intentional strategy to avoid public opposition and lawmakers' insistence that legal limits be respected, he said.Recently, the FAD has used such pressuring techniques on Sweden and the Netherlands as well as on New Zealand, according to Snowden. Germany has also been pressured to modify a law on the secrecy of post and telecommunication correspondence to appease the NSA, eroding the rights of German citizens under their constitution in the process, Snowden said."Each of these countries received instruction from the NSA, sometimes under the guise of the U.S. Department of Defense and other bodies, on how to degrade the legal protections of their countries' communications," he said. The ultimate result of this NSA guidance is that the right of ordinary citizens to be free from unwarranted interference is degraded, and systems of intrusive mass surveillance are being constructed in secret within otherwise liberal states, he said, adding that this often happens without the full awareness of the public.Ultimately, each national spy agency is independently hawking domestic access to the NSA and others "without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole," according to Snowden.Once the NSA has dealt with legal restrictions on mass surveillance in partner states, it pressures them to perform operations to gain access to the bulk communications of all major telecommunications providers in their jurisdictions, Snowden said. "Sometimes the NSA provides consultation, technology, or even the physical hardware itself for partners to 'ingest' these massive amounts of data in a manner that allows processing, he added."By the time this general process has occurred, it is very difficult for the citizens of a country to protect the privacy of their communications, and it is very easy for the intelligence services of that country to make those communications available to the NSA -- even without having explicitly shared them," Snowden wrote.The deals between the NSA and foreign partners are set up in such a way as to provide the NSA with a means of monitoring a partner's citizens without informing the partner, and to provide the partner with a means of plausible deniability, he said."The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements," Snowden said.Snowden, who said that he's still seeking asylum in the EU, also provided solutions to solve the mass surveillance problem.It is easy to make mass surveillance more expensive through changes in technical standards, he said. "Pervasive, end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost effective basis," he said, adding that the result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion.This traditional method is more effective than mass surveillance, according to Snowden. "I believe that spying serves a vital purpose and must continue," he said.The European Parliament is set to vote on a draft resolution on Wednesday that seeks to keep data protection out of EU-U.S. trade talks. The MEPs want the EU to suspend two deals with the U.S., one on exchanging banking data and the other on the Safe Harbor privacy principles for U.S. firms holding European data, as, they say, the fight against terrorism can never justify secret and illegal mass surveillance.The MEPs will also vote on a proposal for stronger safeguards for data transfers to non-EU countries. Wednesday's vote could result in the updating of 19-year-old data-protection laws. Under MEPs' amendments, companies breaking the rules would face fines of up to €100 million (about US$139 million), or up to 5 percent of their annual worldwide turnover, whichever is greater, according to the Parliament.Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com
March 7, 2014 1:33:59 PM CET
Google Play: Whats the newest threat on the official Android market? – Official app stores are the primary sources to finding and downloading apps. Experts advise users to stay within the official app stores as they are approved ecosystems, which are widely recognized as safe. But are these sources really trustworthy? Some experts, however, claim that “Android malware is non-existent and security companies just try to scare […]
March 7, 2014 6:42:17 AM CET
A conversation with AVAST women – Part 1 – AVAST Software is officially a great place to work. One of the reasons it’s so enjoyable here is because of the women we work with. Like most technology companies, AVAST is male-dominated. Our male colleagues are the best at what they do, but since International Women’s Day is on Saturday, March 8, some of the […]
March 7, 2014 6:16:00 AM CET
Back to the Future Arrival Time Prank – Messages that have been repeatedly posted on social media websites claim that 'Today is the day Marty McFly Arrives'. The messages refer to the date that the character 'Marty McFly' from the 'Back to the Future' movies arrives in the future. The messages usually include a graphic supposedly depicting the arrival date.
March 7, 2014 4:55:00 AM CET
'Ignore if u Don't Care' Facebook Donations for Likes Hoax – Circulating Facebook message that features an image of an emaciated young man lying on a bed claims that Facebook will donate money to help the man whenever users like, share or comment on his picture. The message claims that the man is suffering from cancer.
March 7, 2014 2:25:00 AM CET
Computer retailer Penta Group cops Spam Act warning – The Australian Communications and Media Authority (ACMA) has given a formal warning to Sydney-based computer and electronics retailer Penta Group for sending seven marketing emails that did not comply with the Spam Act.The emails were sent between 18 April and 12 July 2013.An ACMA spokesman said it contacted Penta Group several times about its e-marketing approach prior to the investigation but the Group did not address its concerns.Under the Act, companies can't send marketing material to consumers unless they opt-in to receive communications.In October 2013, auction website GraysOnline was penalised with a $165,000 infringement notice for sending marketing emails which did not have an opt-out facility and for continually sending emails to some customers who had already withdrawn their consent to receive marketing messages.During the same month, ACMA fined Melbourne nightclub operator,Minardi Pty Limited, $15,000 for sending promotional SMS messages that had no contact details or an opt-out function.The Act states that all promotional SMS messages must contain information to help consumers contact the business and an option to unsubscribe.Correction: This article originally reported the number of emails as 11.Follow Hamish Barwick on Twitter: @HamishBarwickFollow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia
March 7, 2014 12:11:32 AM CET
The Siesta Campaign: A New Targeted Attack Awakens – In the past few weeks, we have received several reports of targeted attacks that exploited various application vulnerabilities to infiltrate various organizations. Similar to the Safe Campaign, the campaigns we noted went seemingly unnoticed and under the radar. The attackers orchestrating the campaign we call the Siesta Campaign used multicomponent malware to target certain institutions that […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroThe Siesta Campaign: A New Targeted Attack Awakens
March 7, 2014 12:02:00 AM CET
Patch Tuesday: Microsoft to address IE problems – Microsoft is issuing five security bulletins this month, two of them critical and affecting all versions of Internet Explorer as well as all versions of Windows from XP to 8/8.1.The first bulletin rated critical addresses a zero-day attack that was discovered last month and for which Microsoft has already issued a formal Fixit, "but this will be the permanent patch reaching a much larger audience," says Wolfgang Kandek, the CTO of Qualys. It affects IE versions 6 through 11. Also on Network World: 9 must-do's if you must stick with Windows XP �| Windows XP vulnerabilites rose in 2013, security firm finds � If left unpatched, the vulnerabilities could be exploited to let attackers execute malicious code on affected machines, Microsoft says in its Security Bulletin Advance Notification issued today. "These types of bulletins need immediate attention and a reboot, which is always a headache for IT teams," says Ken Pickering, director of engineering at CORE Security.All five of the bulletins this month concern patches that affect Windows XP, which falls off the security bulletin list after next month's Patch Tuesday. "Windows XP will continue to be impacted by the majority of vulnerabilities found in the WIndows eco-system, but you will not be able to address the issues anymore," says Kandek.Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at firstname.lastname@example.org and follow him on Twitter @Tim_Greene.Read more about infrastructure management in Network World's Infrastructure Management section.