Software Report [Bugs and Fixes: Windows, IE at Risk - 08/10/2005]

Discussion in 'IBM' started by Ablang, Aug 18, 2005.

  1. Ablang

    Ablang Guest

    August 10th, 2005

    Bugs and Fixes: Windows, IE at Risk

    Contrib. Ed. Stuart J. Johnston

    Last night I watched an old Stephen King sci-fi thriller called
    "Maximum Overdrive." It was very campy and very bad. The premise: A
    cometary radiation storm causes all machines--from Mack trucks to the
    milk-shake maker at the local diner--to come alive and rebel against
    humans.

    In the digital universe, PCs are vulnerable to their own kind of
    external threat: worms designed by hackers to deliberately turn your
    system against you. Your protection: Patch, patch, and patch your PC.

    Microsoft has released critical patches for newly discovered
    vulnerabilities in Internet Explorer and Windows. One hole involves
    the way that IE displays Portable Network Graphics files and affects
    IE 5.01 through 6 Service Pack 1 running on Windows 98 through XP
    Service Pack 2. (Although PNG is not a widely used graphics file
    format on the Web, it could be used to launch an attack program.)
    Things might appear fine in IE--no pop-up errors and no problems
    viewing sites--until your PC starts deleting files and doing other
    things, seemingly on its own.

    To trigger an attack, you would have to click a link that leads to a
    cracker's Web site or open an HTML e-mail message that contains a
    flawed PNG file; these actions allow the attacker's site to send IE
    too much data at once, creating a buffer overflow error. That leaves a
    hole in your system through which a damaging program could enter. So
    avoid the risk by getting the patch:
    http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx

    Windows Help Files Gone Awry

    Microsoft has fixed a glitch in how Windows processes files in the
    HTML Help system. You don't have to launch a Help file to set off an
    attack; the malicious code will do it for you. The trigger could be
    disguised as a bogus banner ad, for example, or a booby-trapped
    button. The point is to get you to click a link that uses the Help
    exploit to break into Windows.

    A successful assault would let an attack program wreak havoc on a PC.
    Systems running Windows 98 through XP SP2 are vulnerable. Fortunately,
    this and the PNG hole apparently have not yet spawned an attack on
    anyone's machine. Here's the patch:
    http://www.microsoft.com/technet/security/bulletin/MS05-026.mspx

    To keep up-to-date on the latest news, visit PC World's Info Center
    for Windows:
    http://www.pcworld.com/resource/infocenter/0,ctrid,6,ic,Windows,tk,srx,00.asp

    Security Advisories Begin to Pay Off

    Microsoft's pilot early-warning service, called Security Advisories,
    has released an important alert and an update. First, Microsoft warned
    about, and 12 days later patched, a hole in IE that could cause the
    browser to crash, letting culprits break in. (There have already been
    attacks, according to the company.) So protect your computer and
    download the patch:
    http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx

    In the advisory, Microsoft also issued Update Rollup 1 for Windows
    2000 Service Pack 4, containing patches released between June 2003 and
    April 2005. You can get that update here:
    http://support.microsoft.com/kb/891861

    You can sign up for Microsoft's service here:
    http://www.microsoft.com/technet/security/bulletin/notify.mspx

    Read "Microsoft Revamps Security Hole Approach" for more about the
    service:
    http://www.pcworld.com/news/article/0,aid,120752,tk,srx,00.asp

    * In Brief *

    Hole in Adobe Apps: If you use Adobe Creative Suite 1, Photoshop CS,
    or Premiere Pro 1.5, and you unintentionally disable your firewall
    (for example, by accidentally unchecking a box in your network
    configuration settings), you could be hit by a cyberassault. The
    problem lies in the app's license management technology. The programs
    will continue to work; but without the updated license mechanism, your
    PC is at risk. Bad guys prowling for an unpatched system could slide
    into yours through this hole. Locate the update here:
    http://www.adobe.com/support/techdocs/331688.html

    Opera Fixes Flaw: A hole in Opera 7.x and 8 could let a cracker launch
    a pop-up that looks as if it is from a site you're visiting, when in
    fact it's from the hijacker's site. If you enter the data it asks for
    (such as a credit card number), you could fall victim to a phishing
    scam. Get version 8.02 here:
    http://www.opera.com/download/

    Bugged?

    Found a hardware or software bug? Write to Stuart Johnston:
    bugs*pcworld.com

    Read Stuart J. Johnston's regularly published "Bugs and Fixes"
    columns:
    http://www.pcworld.com/resource/columnist/0,colid,2,tk,sr,00.asp


    ===
    "In a world where more than 10 million americans live with cancer -- we believe unity is strength, knowledge is power, and attitude is everything!"
    -- Livestrong, by Lance Armstrong
     
    Ablang, Aug 18, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.