Kilongwe
JF-Expert Member
- Feb 7, 2008
- 423
- 115
Kwa muda wa mwezi sasa kumekuwa na mianya ambayo inawawezesha wavamizi wa mambo ya mitandao (hackers) kuwashambulia wale wanaotumia internet explorer (IE) kufungulia akaunti zao za Gmail na kutoa ujumbe unaodhaniwa unatoka kwa nation-state hackers. Mwanya huu ambao unasababishwa na makosa ya siku isiyoanza kwenye mtambo endeshi wa window (windows zero-day) uligunduliwa tangu juni 13 ya mwezi uliopita, ambao uliwaathiri watumiaji wa IE baada ya kutembelea tovuti zenye hiyo minyoo na kuibeba kwenye IE zao na kuingia kwenye Gmail zao, lakini imewachukua takribani mwezi mzima kwa microsoft kuja kutoa hili suluhisho (kilaka).
Katika tovuti yao, Microsoft wanasema kilaka hiki sio tu kitazuia ushambulizi huo kupitia IE bali pia ni kwa ajili ya programu zao nyingine kama mtambo endeshi wa windows (Windows
operating system), Visual Basic kwa vitendea kazi (Applications) na pia Microsoft Office. Ikumbukwe kuwa, nyufa hizi ni hatari mno na zinahatarisha usalama wa watumiaji wa kompoyuta zenye mitambo endeshi ya Windows.
Ikumbukwe kuwa, Microsoft huweka vilaka kwenye mianya inayohatarisha usalama kila mwanzo wa mwezi na ni mara moja kwa kila mwezi, lakini mwezi huu imekuwa tofauti kufuatia na utata uliokithiri juu ya mashambulizi kwa watumiaji wa IE, hivyo kama wewe ni mtumiaji wa IE, tunakushauri ufanye update leo.
Tumeamua kuandika makala hii kwakuwa, takwimu zinaonesha kuwa watanzania wengi wanatumia email za Gmail (katika anuani yangu ya mawasiliano, asilimia sabini ya anuani ni za gmail), na haya mashamulizi yanayoweza kusababishwa na hizi nyujfa huwalenga sana wana gmail wanaotumia IE.
Huu ni ujumbe toka kwenye blog ya idara ya usalama ya microsoft.
MS12-044 (Internet Explorer): This security update addresses two Critical-class, remote-code-execution issues affecting Internet Explorer. As with the MDAC issue, these two vulnerabilities were privately disclosed to us and we have no indication that they're under exploit in the wild. As with the others, recommend that customers read the bulletin information and apply it as soon as possible. We have by the way increased our Internet Explorer resources to the point where we will be able to release an update during any month instead of on our previous, bi- monthly cadence. We look forward to your feedback on the change
Nimewahi kuongea na rafiki yangu mmoja yeye aliniambia kuwa, mimi huwa sisimiki(install) hizo updates kwani kila si salama na ni hatari kwa kompyuta. Jibu ni kweli, mara nyingi hizi updates huwa na dhumuni kuu na ni muhimu mno kuzidownload. Ni kweli mara chache mno hutokea baadhi ya updates zikasababisha matatizo fulani kwenye kompyuta yako hivyo unatakaiwa kusoma na kuelewa nini kitafanywa na hizi update.
Kitu cha muhimu kufahamu ni kuwa, kuna tofauti kati ya update za kawaida (SP) na zile za kuziba nyufa au kama tunavyoziita vilaka(patches). Update za maboresho ni kwa ajili ya kuongeza kazi, ubora nk, wakati hizi za kuziba nyufa ni kwa ajili ya kuboresha usalama au kutatua tatizo lililotokea kwenye programu husika. Ingawa kuna wakati updates za kawaida huweza kutumiwa kuja kuziba nyufa endapo nyufa ni ningi na hazizibiki tena kwa vilaka.
Source: AfroIT.com
Katika tovuti yao, Microsoft wanasema kilaka hiki sio tu kitazuia ushambulizi huo kupitia IE bali pia ni kwa ajili ya programu zao nyingine kama mtambo endeshi wa windows (Windows
operating system), Visual Basic kwa vitendea kazi (Applications) na pia Microsoft Office. Ikumbukwe kuwa, nyufa hizi ni hatari mno na zinahatarisha usalama wa watumiaji wa kompoyuta zenye mitambo endeshi ya Windows.
Ikumbukwe kuwa, Microsoft huweka vilaka kwenye mianya inayohatarisha usalama kila mwanzo wa mwezi na ni mara moja kwa kila mwezi, lakini mwezi huu imekuwa tofauti kufuatia na utata uliokithiri juu ya mashambulizi kwa watumiaji wa IE, hivyo kama wewe ni mtumiaji wa IE, tunakushauri ufanye update leo.
Tumeamua kuandika makala hii kwakuwa, takwimu zinaonesha kuwa watanzania wengi wanatumia email za Gmail (katika anuani yangu ya mawasiliano, asilimia sabini ya anuani ni za gmail), na haya mashamulizi yanayoweza kusababishwa na hizi nyujfa huwalenga sana wana gmail wanaotumia IE.
Huu ni ujumbe toka kwenye blog ya idara ya usalama ya microsoft.
MS12-044 (Internet Explorer): This security update addresses two Critical-class, remote-code-execution issues affecting Internet Explorer. As with the MDAC issue, these two vulnerabilities were privately disclosed to us and we have no indication that they're under exploit in the wild. As with the others, recommend that customers read the bulletin information and apply it as soon as possible. We have by the way increased our Internet Explorer resources to the point where we will be able to release an update during any month instead of on our previous, bi- monthly cadence. We look forward to your feedback on the change
Kitu cha muhimu kufahamu ni kuwa, kuna tofauti kati ya update za kawaida (SP) na zile za kuziba nyufa au kama tunavyoziita vilaka(patches). Update za maboresho ni kwa ajili ya kuongeza kazi, ubora nk, wakati hizi za kuziba nyufa ni kwa ajili ya kuboresha usalama au kutatua tatizo lililotokea kwenye programu husika. Ingawa kuna wakati updates za kawaida huweza kutumiwa kuja kuziba nyufa endapo nyufa ni ningi na hazizibiki tena kwa vilaka.
Source: AfroIT.com
