
KaZaA ignores court order

configure   on 21 December 2001 - 05:34 · no comments & 50 views

Thanks Crane for this news :)

Despite an order from an Amsterdam court to shut down its file sharing network, KaZaA has continued trading today. KaZaA was ordered to make the illegal trading of copyrighted music impossible as the result of a lawsuit from Dutch copyright holders Buma/Stemra, after negotiations to license their music fell apart. However, a court also ordered that negotiations resume. KaZaA said that if the negotiations are successfully completed, they will issue new software to their listeners. In the meantime, free trading will continue.

News source: IDG - KaZaA file-swap service running despite shutdown order


The second vulnerability results from a format string vulnerability in the C runtime functions that the SQL Server functions call when installed on Windows NT® 4.0, Windows® 2000 or Windows XP. Although format string vulnerabilities often can be exploited to run code of the attacker's choice, that is not true in this case. Because of the specific way this vulnerability occurs, the C runtime code would always be overrun with the same values regardless of the attacker's inputs. As a result, this vulnerability could only be used as a denial of service.
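For the general class of flaw described above, where a caller-influenced format string reaches a C runtime formatting function, the following added example (not code from the bulletin or from Microsoft, and not a reproduction of the SQL Server issue) checks a format string against the arguments the call site actually passes before formatting. The names `fmt_signature` and `checked_format` and the accepted subset of conversions are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Write one letter per argument the format consumes ('d' int, 'u' unsigned,
 * 's' string) into sig. Returns the count, or -1 for anything this policy
 * refuses: %n, '*', length modifiers, flags other than '-', unknown or
 * truncated conversions, or more arguments than sig can hold.
 * (Hypothetical helper written for this example.) */
int fmt_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t n = 0;
    if (siglen == 0) return -1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                 /* literal percent */
        if (*p == '-') p++;                        /* only flag allowed */
        while (*p >= '0' && *p <= '9') p++;        /* width */
        if (*p == '.')                             /* precision */
            do p++; while (*p >= '0' && *p <= '9');
        char t;
        switch (*p) {
        case 'd': case 'i':           t = 'd'; break;
        case 'u': case 'x': case 'X': t = 'u'; break;
        case 's':                     t = 's'; break;
        default: return -1;   /* '\0', 'n', '*', 'l', 'h', 'c', ... */
        }
        if (n + 1 >= siglen) return -1;
        sig[n++] = t;
    }
    sig[n] = '\0';
    return (int)n;
}

/* Format with an untrusted template only if it consumes exactly the
 * argument types the call site passes (expected_sig). -1 on refusal. */
int checked_format(char *out, size_t outlen, const char *expected_sig,
                   const char *untrusted_fmt, ...)
{
    char sig[16];
    if (fmt_signature(untrusted_fmt, sig, sizeof sig) < 0 ||
        strcmp(sig, expected_sig) != 0)
        return -1;
    va_list ap;
    va_start(ap, untrusted_fmt);
    int r = vsnprintf(out, outlen, untrusted_fmt, ap);
    va_end(ap);
    return r;
}
```

A template that asks for more, fewer or differently typed arguments than the caller supplies is refused before the runtime ever reads the argument list.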

An attacker could exploit the vulnerabilities in either of two ways. The most direct way would be for the attacker to simply load and execute a database query that calls one of the affected functions. Alternatively, if a web site or other database front-end would accept and process arbitrary queries, it could be possible for the attacker to provide inputs that would cause the query to call an affected function with the appropriate parameters.

Because the two vulnerabilities have different root causes, there are separate patches for each. Microsoft recommends that the SQL Server patch be applied to all affected servers. However, we recommend that customers carefully weigh whether they need to apply the C runtime patch. We make this recommendation for two reasons:

The C runtime vulnerability only allows denial of service attacks, so the threat it poses is somewhat lower.

The C runtime plays a crucial role in the operating system itself. While we are confident that both patches are well-tested, if there were a regression error in the C runtime, the effects would likely be serious and widespread.
