A Linux-based BIOS

Tim Dorr on 16 June 2002 - 04:02

At the recently held Computex show in Taipei, Phoenix Technology Company introduced its new Linux-based FirstBIOS. Among the product's major advantages, the company cited PC wake-up from different standby modes and integrated means of rapid PC recovery in case of failure. Mainboard manufacturers are also said to be able to add additional drivers and utilities to FirstBIOS.

Of course, FirstBIOS features a user-friendly graphical interface supporting screen resolutions of up to 1280x1024. But the most remarkable thing is that you will be able to access the Internet directly from this interface, either via a traditional modem or a local network. In this case the data will be stored in NTFS, FAT32 and ext2 file systems.

According to Phoenix, all these features fit into 16Mbit of Flash memory. However, manufacturers who decide to add their own high-resolution startup page will have to use a 32Mbit chip.

FirstBIOS has already attracted great interest from Fujitsu, Panasonic and Sharp.

News source: x-bit labs
News source: Phoenix Technologies


MS02-028
This patch eliminates a newly discovered vulnerability affecting Internet Information Services. Although Microsoft typically delivers cumulative patches for IIS, in this case Microsoft have delivered a patch that eliminates only this new vulnerability, while completing a cumulative patch. When the cumulative patch is customer-ready, Microsoft will update this bulletin with information on its availability. The FAQ provides information on the circumstances surrounding the vulnerability, and why Microsoft believe releasing a singleton patch immediately is in customers' best interests. To ensure that servers are fully protected against past as well as current vulnerabilities, Microsoft strongly recommend installing the previous cumulative patch (discussed in Microsoft Security Bulletin MS02-018) before installing this patch.

Title: Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599)
Date: 12 June 2002
Software: Internet Information Server
Impact: Run Code of Attacker's Choice
Max Risk: Moderate

View: Microsoft Security Bulletin ID MS02-028 for more information and patch availability

MS02-029
A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.

Title: Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Date: 12 June 2002
Software: Windows NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP, Routing and Remote Access Server (RRAS)
Impact: Local Privilege Escalation
Max Risk: Critical

View: Microsoft Security Bulletin ID MS02-029 for more information and patch availability

MS02-030
  • An unchecked buffer vulnerability in an ISAPI extension that could, in the worst case, allow an attacker to run code of their choice on the Microsoft Internet Information Services (IIS) Server.
  • A vulnerability in a function specifying an XML tag that could allow an attacker to run script on the user's computer with higher privilege. For example, a script might be able to be run in the Intranet Zone instead of the Internet Zone.

Title: Unchecked Buffer in SQLXML Could Lead to Code Execution (Q321911)
Date: 12 June 2002
Software: Microsoft SQLXML
Impact: Two vulnerabilities, the most serious of which could run code of attacker's choice.
Max Risk: Moderate

View: Microsoft Security Bulletin ID MS02-030 for more information and patch availability

MS02-022 (Revised: 11 June 2002, version 2.0)
On May 8 2002, Microsoft released the original version of this bulletin. On June 11, 2002 the bulletin was updated to announce that while the fixes issued on May 8 2002 resolved the vulnerability, they did not protect in all cases against the reintroduction of the vulnerable control. As a result, a new set of fixes is being released to ensure that systems are fully protected against the reintroduction of the vulnerable control. A new MSN Chat control, updated patch, updated version of MSN Messenger and an updated version of Exchange Instant Messenger have been made available. Customers who have applied any of the fixes released on May 8, 2002 are encouraged to consider applying the updated fixes.

Title: Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Q321661)
Released: 08 May 2002
Software: MSN Chat, MSN Messenger, Exchange Instant Messenger
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS02-022

View: Microsoft Security Bulletin ID MS02-022 for more information and patch availability
