Microsoft Releases Out-Of-Band Patch for IE

Microsoft has fixed an emergency drive-by download vulnerability in Internet Explorer 6 and 7

Tuesday Microsoft said that it released MS10-018 "out-of-band" due to an increase in attacks against its two older browsers, Internet Explorer 6 and Internet Explorer 7. Normally Microsoft releases updates via its customary "Patch Tuesday" roundup. However, this rare move served an urgent response to a zero-day, drive-by download vulnerability that has been heavily exploited by attackers over the last several weeks.

According to Microsoft, the patch will address the publicly disclosed vulnerability first revealed on March 9. The problem is caused by an invalid pointer reference located within the two older browsers that can be accessed after an object is deleted-- this can allow attackers to swoop in and initialize remote code execution attacks. At the time, Microsoft claimed that the problem was limited to "targeted" attacks, however that has since changed.

"The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said weeks ago. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

In addition to the zero-day exploit, the latest patch also addresses nine other vulnerabilities that even effect Internet Explorer 8. Microsoft's Jerry Bryan said that many have asked Microsoft if Tuesday's patch addresses the vulnerability that was used in the Pwn2Own contest at the CanSecWest security conference last week. Apparently that's a negative.

"We are still investigating that issue at this time so we do not have an update available," he said. "In accordance with the contest rules, the vulnerabilities used are responsibly disclosed so that the respective vendors can produce updates to protect their customers before the vulnerabilities can be used by criminals. Microsoft continues to encourage responsible disclosure and we are a sponsor of the CanSecWest conference because we believe in working closely with security researchers to protect customers and the entire computing ecosystem."

Zong Revamps its Website

Zong has got new design and layout for its corporate website. Apparently, transition is in process – however most part of revamp is done.

New look gives professional feel that old design was lacking. Also elements are better arranged with top menu well in place. Enough space on home page is designated for featured offerings, for instance its BlackBerry for now – we may see scrolling featured offerings in a day or two.

Zong has incorporated very intelligent, search button. It’s not intelligent only in terms of search results but its predictive nature will save you time of loading a new page.

Zong has added new features, including Media Center, CS Center, about us along with enhanced form of coverage map, career portal.

Rest you click on this link to see yourself – do share your experience and thoughts in comments, particularly about the color scheme.

Xbox 360 Slim Shots Fake, Just HD DVD Drive

While from first impressions, it does seem believable with its curvature, matching color and Xbox 360 typeface on the side. But those who have spent any amount of time with the Xbox 360's now-out-of-production HD DVD player will know better. pretty clever, as the HD DVD add-on says "Xbox 360" on the side too.

Earlier in March we reported on leaked images showing what appeared to be a greatly redesigned Xbox 360 motherboard – rumored to be the "Valhalla" revision – that integrated the CPU and GPU into a single package. Such a redesign would presumably be able to allow Microsoft to shrink the Xbox 360 into a smaller, slimmer form factor.