Got a server running Apache HTTPd 2.2.14, I had, looks like there is an exploit that could ruin your day if your don't patch.

"Successful exploitation results in the execution of arbitrary code with SYSTEM privileges."

Sense of Security - Security Advisory - SOS-10-002
Proof of concept code

Two issues patched this month, however this a remote code execution vulnerability in Internet Explorer 6 and 7 that is not patched (981374).

• Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
• Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

Microsoft Security Bulletin Summary for March 2010

Microsoft Patching time. Oh yes notice the last one in the list, Microsoft Paint, is nothing safe.

• Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
• Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
• Cumulative Security Update of ActiveX Kill Bits (978262)


• Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
• Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
• Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
• Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
• Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
• Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
• Vulnerability in Kerberos Could Allow Denial of Service (977290)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
• Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

Microsoft Security Bulletin Summary for February 2010

The following list is the result of an attack on RockYou.com whereby a hacker managed to obtain all the account details of 32M users.

Rank	Password	Number of Users with Password
1	123456	290731
2	12345	79078
3	123456789	76790
4	Password	61958
5	iloveyou	51622
6	princess	35231
7	rockyou	22588
8	1234567	21726
9	12345678	20553
10	abc123	17542
11	Nicole	17168
12	Daniel	16409
13	babygirl	16094
14	monkey	15294
15	Jessica	15162
16	Lovely	14950
17	michael	14898
18	Ashley	14329
19	654321	13984
20	Qwerty	13856

What is the most popular password?

Time to move on to Mozilla Firefox 3.6.

Some of the new features include:

• Changes were made that prevent other programs from adding their own toolbar to Firefox without your permission.
• Firefox 3.6 will alert you about out of date and insecure plugins.
• Private browsing also removes TEMP files

Release Notes

Microsoft has released out of it's standard cycle a patch to fix the much publicise flaw in Internet Explorer. If you are a person who insists on using Internet Explorer then it's critically important that you patch your system. This vulnerability effects Microsoft Internet Explorer 6, 6 SP1, 7, and 8 running on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7.

• MS10-002: Cumulative security update for Internet Explorer (KB978207)
• Bulletin MS10-002 Released
• CVE-2010-0249

This months updates unfortunately don't fix the current IIS file extension issue.

• Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

Microsoft is also recommending (KB979267 - Cached Copy) that Windows XP users uninstall Flash 6.

Microsoft Security Bulletin Summary for January 2010