NTA Monitor

Latest News

IT Managers get to grips with Internet security issues

4th May 2010 According to NTA Monitor's 2010 Annual Security Report, the average number of Internet security vulnerabilities afflicting organisations has fallen.. Read More

Will IE6 be the next NT4?

1st October 2009 All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event. Read More

One in four web applications susceptible to high risk security flaws

7th September 2009 NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue... Read More

Organisations facing a changing threat landscape

20th July 2009 According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise... Read More
Date: 1st November 2007
Risk: High

Microsoft has identified four critical and two important issues in October's Patch Tuesday.

Critial vulnerabilities have been identified in Internet Explorer 5.01, 6.x and 7.x, which if exploited, can compromise a user's system. A flaw has been identified in the way Kodak Image Viewer handles specifically crafted images files, this flaw could allow an attacker to remotely execute code. An NNTP flaw found in Outlook Express and Windows Mail could allow an attacker to remotely execute code by constructing a special web page that exploits the vulnerability and Microsoft Word has a flaw that could allow remote code execution if a user opens a specially crafted Word file.

Two important vulnerabilities addressed are in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 that could allow an attacker to run arbitrary script. The second important flaw resides in the remote procedure call (RPC) that, if successfully exploited, could result in Denial of Service.

References