PureBytes Links
Trading Reference Links
|
To the list,
This is a mail from MS concerning a flaw in some e-mail products that
(potentially) could allow the guy with the pierced tongue to crash your box.
The text below says that the problem occurs when the attached file is
downloaded, opened or launched. Just to let you know, I read a report
yesterday about this which states that this is incorrect. The attached file is
not the culprit but it is the tags referencing the attachment which are
malevolent. This means that it is possible for problems to occur by simply
deleting the e-mail - without opening it!
The article also goes on to say that Netscape is also vulnerable to this. They
should also have a fix by now on their web site.
<< This is a special alert message to registered users of Microsoft Office,
Microsoft Outlook 98, Microsoft Internet Explorer version 4.0 or later, and
Microsoft Windows 98. We want to inform you of a security issue that affects
e-mail packages including Microsoft Outlook 98 and Microsoft Outlook Express
versions 4.0 or later. Microsoft has created a fix for this security issue,
which can be downloaded from
http://www.microsoft.com/security/
This security issue involves how e-mail software handles file attachments
with extremely long file names. When users attempt to download, open or
launch a file attachment that has a name containing more than a certain number
of characters, their action can cause the program to shut down unexpectedly.
It is possible - although difficult - for a hacker to cause malicious code to
be executed on a computer as a result of this problem. However, this cannot be
caused accidentally, and to date we have received no reports of users being
affected. More information on this issue can be found at
http://www.microsoft.com/security/bulletins/ms98-008.htm
Microsoft takes security very seriously, and we know you do as well.
Microsoft is committed to ensuring that all its customers enjoy a rich, safe
and secure computing experience and developers have been working around the
clock to isolate and deal with these issues. Microsoft has provided software
patches for both Outlook Express and Outlook 98 at
http://www.microsoft.com/security/
We strongly recommend that you download the appropriate patch immediately.
To ensure customer safety with regard to this and other security-related
issues, Microsoft is investigating further to uncover variants that the
current patch may not block. Microsoft will communicate additional information
about this research as it becomes available. You can also visit
http://www.microsoft.com/security/.
for the latest information and updates, and to register for the Microsoft
Security Notification Service.
Thank you. >>
|