Archive for March 29th, 2010


Microsoft rushes to patch zero-day IE hole

Microsoft rushes to patch zero-day IE hole

Monday, March 29, 2010
Last modification: Tuesday, March 30, 2010: 1:05 p.m. PDT

••• Microsoft is releasing an out-of-band patch to address a vulnerability in Internet Explorer 6 and 7 on Tuesday, which if exploited would allow an attacker to compromise the targeted system. In addition to the patch addressing the widely known flaw, MS10-018 will also correct nine other vulnerabilities.

“We have been monitoring this issue and have determined an out-of-band release is needed to protect customers,” Microsoft said in a statement.

Discovered earlier this month, the flaw in Internet Explorer is caused due to a use-after-free error in iepeers.dll when handling invalid values passed to the “setAttribute” function. If exploited, the attacker would have control over the system at the permissions level of the current user. Considering most users are logged in as an administrator on their systems, the issue quickly gained notoriety.

While Microsoft said that users of Internet Explorer 8 and Windows 7 are not vulnerable, the fact that the majority of their users are open to attack caused them to push the timeline up some for the patch.

“The last time Microsoft issued an out of band patch for IE was in January, and it was for the ‘Aurora’ bug that was used to exploit Google, Adobe and other large enterprises. Given that Microsoft’s regular patch is only 15 days away, an out-of-band patch definitely means there is a serious uptick in attacks against this bug in the wild,” said Andrew Storms, Director of Security Operations for nCircle.

“Microsoft’s turnaround time on this bug was very impressive. Generally, it takes at least 30 days from advisory to bug fix release. Microsoft released the advisory on March 9th, just three weeks ago.”

Each of the ten updates in MS10-018 will be listed as Critical by Redmond, and they expect them to hit systems by 1:00 p.m. PDT on March 30.

• Microsoft Security Bulletin MS10-018 – Critical •
• Cumulative Security Update for Internet Explorer (980182)

▪ Microsoft Security Bulletin Advance Notification for March 2010
▪ Internet Explorer Cumulative Update Releasing Out-of-Band
• Source(s): Microsoft Corporation


British Airways: A few strikes don’t make a spring of discontent

British Airways: A few strikes don’t make a spring of discontent

Monday, March 29, 2010


British Airways cabin crew have launched a four-day strike, forcing the cancellation of numerous flights as they stage their second walkout in a week over an increasingly bitter dispute.

BA said about 70 % of its long-haul flights and up to 55 % of its short-haul flights were operating on Saturday during the strike by the Unite union, even more than during last weekend’s three-day action.

The airline has said more than three-quarters of its passengers – over 180,000 out of 240,000 – will still be able to travel, and chief executive Willie Walsh said it’s doing “everything possible” to make this happen.

In a YouTube message issued late on Saturday, he added: “We’re absolutely committed to resolving this dispute with the trade union and returning British Airways to normal operations as soon as possible.”

Walsh has warned the airline could fold in a decade unless the changes to working practices he wants are carried out, but Unite says his “slash and burn” approach would lead to a two-tier workforce and a reduced service.

Negotiations between Unite, which represents BA’s 12,000 cabin crew, and the airline broke down on the eve of the first strikes.

A BA spokeswoman said on Saturday that London Gatwick and London City airports were operating as normal and enough staff had turned up to the airline’s main hub at London Heathrow to crew the revised timetable.

She dismissed as “rubbish” Unite’s claims that passengers on six fully loaded flights had to disembark due to a lack of crew, and that flights were leaving with reduced crew and well under capacity.

Walsh visited Heathrow airport’s Terminal 5 to talk to passengers who had their travel plans disrupted, and said he found customers “very positive”.

“At the same time I am deeply sorry for those customers who have had their holidays and their plans disrupted,” he said in his video message.

Outside Heathrow, striking cabin crew set up picket lines and were joined by staff from Iberia, the Spanish airline which is in talks to merge with BA.

The union has claimed the cost to the airline of the strike action will be $149.722 million.

By contrast, BA has said last week’s walkout cost $10.479 million a day and that an assessment of the cost of the full seven-day action could only be made after it was finished.

In an interview with the Daily Telegraph on Saturday, Walsh said changes to working conditions are vital to the company’s survival.

“We are trying to transform the way we operate because the industry is changing and the economic conditions have changed so radically that we’ve got to change,” he said.

“We’re doing this to make sure BA still exists in 10 years. If we don’t do this, BA won’t exist in 10 years.”

BA said last month it expected to notch up a record loss in the current financial year due to weak demand for air travel.

Walsh also denied accusations that he was trying to break the union, after the claim was made in a letter from 116 industrial relations experts from universities across Britain, published in The Guardian on Friday.

“It is clear to us that the actions of the chief executive of British Airways… are explicable only by the desire to break the union which represents the cabin crew,” the academics’ letter read.

The union has also complained of intimidation, and one cabin crew member who asked not to be named said: “I’ve been with the company for 21 years and they’ve never imposed on us. They’ve always sought an agreement, until now that is. Now there is an atmosphere of fear which I’d never seen before.”

Prime Minister Gordon Brown has condemned the strike but, just weeks before a general election, faces accusations of a weak response from the main opposition Conservatives because Unite is a major donor to his Labour Party.

Cabin crew strike
Updated information including some cancellations for flights departing on and after 30 March 2010.
For more information: All The Latest Advice For British Airways Passengers GO
• Source(s): U.K. Press & British Airways


March 2010


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2 other followers

© Copyright 2010 Dominic Stoughton. All Rights reserved.

Dominic Stoughton's Blog