[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Report excerpt - TAKE THIS SERIOUSLY



PureBytes Links

Trading Reference Links


 Thanks for posting the additional info and the MS link, Kent. You're
right, it is a serious vulnerability, essentially enabling a virus,
worm, or trojan to auto-run on your machine simply by opening an email.

Regards,
Monte



Kent Rollins wrote:
> 
> I would like to impress upon everyone that this is a SEVERE VULNERABILITY.
> 
> I STRONGLY URGE EVERYONE TO APPLY THE UPDATES FOR THIS VULNERABILITY.
> 
> This is an attachment problem that will affect even smart Outlook users
> ("smart" being defined as users who don't click on executables or scripts
> from people they don't know).
> 
> Here is the information from the Microsoft patch page:
> 
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
> 
> ===================================
> ===================================
> ===================================
> Who should read this bulletin: Customers using Microsoft® Internet Explorer.
> 
> Impact of vulnerability: Run code of attacker's choice.
> 
> Recommendation: Customers using IE should install the patch immediately.
> 
> Affected Software:
> 
> Microsoft Internet Explorer 5.01
> Microsoft Internet Explorer 5.5
> Note: Internet Explorer 5.01 Service Pack 2 is not affected by this
> vulnerability.
> ===================================
> ===================================
> ===================================
> 
> The line that says "Run code of attacker's choice." should be noted.
> 
> I am someone who generally does not upgrade or apply patches unless there is
> a significant benefit from doing so.  I am still running NT 4 on my primary
> workstation.  I am still running TS 4 as my primary trading platform.  I
> have not owned a disk defragger since the original Norton Utilities in the
> late 80's.  I applied this particular patch the minute a coworker told me
> about it.
> 
> There is always a risk in running patches but in my judgement, the risk of
> not installing this patch is far worse.
> 
> Kent
> 
> ----- Original Message -----
> From: "Monte C. Smith" <mcs@xxxxxxxxxxx>
> To: <omega-list@xxxxxxxxxx>
> Sent: Saturday, March 31, 2001 4:58 PM
> Subject: Security Report excerpt
> 
> 2. Microsoft Internet Explorer 5.5 SP1, 5.5, 5.01, 5.01 SP1,
> A vulnerability exists in the way IE processes specific MIME types.
> Malicious e-mail messages
> can cause file attachments to automatically launch on the client.
> SecuritySearch.Net VDB ID: 3482
> http://www.securitysearch.net/vdb.shtml
> 
> 3. Windows 98, 98 Second Ed, ME, Plus! 98
> Passwords that are used to protect compressed folders are recorded in a
> file on the system.
> Local users can gain access to the passwords and compressed folders.
> SecuritySearch.Net VDB ID: 3479
> http://www.securitysearch.net/vdb.shtml
> 
> To report a vulnerability please e-mail vdb@xxxxxxxxxxxxxxxxxx
> 
> Subscription
> ============
> 
> To subscribe to this newsletter please send an e-mail to
> vreport@xxxxxxxxxxxxxxxxxx with the
> word "subscribe" in the message body.
> 
> To unsubscribe from this newsletter please send an e-mail to
> vreport@xxxxxxxxxxxxxxxxxx with
> the word "unsubscribe" in the message body.
> 
> Regards,
> Monte