|
PureBytes Links
Trading Reference Links
|
Thanks for posting the additional info and the MS link, Kent. You're
right, it is a serious vulnerability, essentially enabling a virus,
worm, or trojan to auto-run on your machine simply by opening an email.
Regards,
Monte
Kent Rollins wrote:
>
> I would like to impress upon everyone that this is a SEVERE VULNERABILITY.
>
> I STRONGLY URGE EVERYONE TO APPLY THE UPDATES FOR THIS VULNERABILITY.
>
> This is an attachment problem that will affect even smart Outlook users
> ("smart" being defined as users who don't click on executables or scripts
> from people they don't know).
>
> Here is the information from the Microsoft patch page:
>
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
>
> ===================================
> ===================================
> ===================================
> Who should read this bulletin: Customers using Microsoft® Internet Explorer.
>
> Impact of vulnerability: Run code of attacker's choice.
>
> Recommendation: Customers using IE should install the patch immediately.
>
> Affected Software:
>
> Microsoft Internet Explorer 5.01
> Microsoft Internet Explorer 5.5
> Note: Internet Explorer 5.01 Service Pack 2 is not affected by this
> vulnerability.
> ===================================
> ===================================
> ===================================
>
> The line that says "Run code of attacker's choice." should be noted.
>
> I am someone who generally does not upgrade or apply patches unless there is
> a significant benefit from doing so. I am still running NT 4 on my primary
> workstation. I am still running TS 4 as my primary trading platform. I
> have not owned a disk defragger since the original Norton Utilities in the
> late 80's. I applied this particular patch the minute a coworker told me
> about it.
>
> There is always a risk in running patches but in my judgement, the risk of
> not installing this patch is far worse.
>
> Kent
>
> ----- Original Message -----
> From: "Monte C. Smith" <mcs@xxxxxxxxxxx>
> To: <omega-list@xxxxxxxxxx>
> Sent: Saturday, March 31, 2001 4:58 PM
> Subject: Security Report excerpt
>
> 2. Microsoft Internet Explorer 5.5 SP1, 5.5, 5.01, 5.01 SP1,
> A vulnerability exists in the way IE processes specific MIME types.
> Malicious e-mail messages
> can cause file attachments to automatically launch on the client.
> SecuritySearch.Net VDB ID: 3482
> http://www.securitysearch.net/vdb.shtml
>
> 3. Windows 98, 98 Second Ed, ME, Plus! 98
> Passwords that are used to protect compressed folders are recorded in a
> file on the system.
> Local users can gain access to the passwords and compressed folders.
> SecuritySearch.Net VDB ID: 3479
> http://www.securitysearch.net/vdb.shtml
>
> To report a vulnerability please e-mail vdb@xxxxxxxxxxxxxxxxxx
>
> Subscription
> ============
>
> To subscribe to this newsletter please send an e-mail to
> vreport@xxxxxxxxxxxxxxxxxx with the
> word "subscribe" in the message body.
>
> To unsubscribe from this newsletter please send an e-mail to
> vreport@xxxxxxxxxxxxxxxxxx with
> the word "unsubscribe" in the message body.
>
> Regards,
> Monte
|