Hot News: New Flaw in Spiceworks

How much would you expect to pay for an entire network management and monitoring system? Some may say thousands of dollars; others may decide on a couple of hundred dollars - no matter what figure you prefer, Spiceworks offers its services for free!

In order to make use of Spiceworks it is important that you meet the correct criteria with regards to system requirements. These system requirements include: Windows 2003 Server SP1, SP, Windows 2008 Server, Windows Vista or Windows XP Pro SP2. Some of the files of Windows XP include the following: apidll.dll, ACBROWSER.EXE, b1cbase.sys as well as b57xp32.sys. Unfortunately good news can also come with bad news; the bad news is that Spiceworks is prone to a dangerous vulnerability.

If the vulnerability is exploited correctly the results could prove disastrous. Basically malicious online characters could take complete advantage of this vulnerability and perform cross site scripting attacks. This vulnerability is due to the factor that when input is being passed over from the "query" parameter/search, it is not properly modified prior to being returned to the user. If this vulnerability is exploited with the correct level of precision, then the execution of arbitrary HTML code and script code could take place. This will take place within the context of the browsing session of the victim, in the case of a manipulated website.

This vulnerability opens up doors for other dangerous attacks to take place. Through this weakness attackers could obtain access to and also reset the password of users. Some people make use of the same password for various accounts. This means that they run the risk of an online attacker being able to access other accounts like their online banking or social security accounts. Another risk that this vulnerability brings about, is that malicious attackers could create new administrator accounts whenever they desire to do so. As you can imagine this could result in all sorts of turmoil for the administrative account holder.

The affected versions include the 3.6.33156 as well as the 4.1.39229 version. It is crucial for all Spiceworks users, to be consciously aware of the factor that there is a risk of other versions of Spiceworks also being affected by this vulnerability. I am sure your next question is what can you do in order to still make use of Spiceworks, but stay out of the trouble zone relating to this vulnerability. The solution is for all Spicework users to update to the latest version 4.1.39315, as soon as possible. If you do this then you should stay safe and secure and still be able to enjoy the many wonderful benefits of Spiceworks.