[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Report excerpt - TAKE THIS SERIOUSLY



PureBytes Links

Trading Reference Links

I would like to impress upon everyone that this is a SEVERE VULNERABILITY.

I STRONGLY URGE EVERYONE TO APPLY THE UPDATES FOR THIS VULNERABILITY.

This is an attachment problem that will affect even smart Outlook users
("smart" being defined as users who don't click on executables or scripts
from people they don't know).

Here is the information from the Microsoft patch page:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

===================================
===================================
===================================
Who should read this bulletin: Customers using Microsoft® Internet Explorer.

Impact of vulnerability: Run code of attacker's choice.

Recommendation: Customers using IE should install the patch immediately.

Affected Software:

Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Note: Internet Explorer 5.01 Service Pack 2 is not affected by this
vulnerability.
===================================
===================================
===================================

The line that says "Run code of attacker's choice." should be noted.

I am someone who generally does not upgrade or apply patches unless there is
a significant benefit from doing so.  I am still running NT 4 on my primary
workstation.  I am still running TS 4 as my primary trading platform.  I
have not owned a disk defragger since the original Norton Utilities in the
late 80's.  I applied this particular patch the minute a coworker told me
about it.

There is always a risk in running patches but in my judgement, the risk of
not installing this patch is far worse.

Kent


----- Original Message -----
From: "Monte C. Smith" <mcs@xxxxxxxxxxx>
To: <omega-list@xxxxxxxxxx>
Sent: Saturday, March 31, 2001 4:58 PM
Subject: Security Report excerpt




2. Microsoft Internet Explorer 5.5 SP1, 5.5, 5.01, 5.01 SP1,
A vulnerability exists in the way IE processes specific MIME types.
Malicious e-mail messages
can cause file attachments to automatically launch on the client.
SecuritySearch.Net VDB ID: 3482
http://www.securitysearch.net/vdb.shtml

3. Windows 98, 98 Second Ed, ME, Plus! 98
Passwords that are used to protect compressed folders are recorded in a
file on the system.
Local users can gain access to the passwords and compressed folders.
SecuritySearch.Net VDB ID: 3479
http://www.securitysearch.net/vdb.shtml

To report a vulnerability please e-mail vdb@xxxxxxxxxxxxxxxxxx


Subscription
============

To subscribe to this newsletter please send an e-mail to
vreport@xxxxxxxxxxxxxxxxxx with the
word "subscribe" in the message body.

To unsubscribe from this newsletter please send an e-mail to
vreport@xxxxxxxxxxxxxxxxxx with
the word "unsubscribe" in the message body.

Regards,
Monte