In this issue: w   More IE & Outlook flaws w   Microsoft Security Bulletin w   Recent Support BBS Postings w   Web Site Updates w   Administrivia

More IE & Outlook flaws

by Arie Slob

Hello Windows users,

Just a few weeks ago, Microsoft issued the "November Cumulative Patch for Internet Explorer" as I reported in the Newsletter of the 23rd November.

This week saw the release of the "December Cumulative Patch for Internet Explorer", this time for Internet Explorer version 5.5 and 6.0 (version 5.01 was not affected).

The new patch was needed, because a new security flaw was spotted, which could allow hackers to pilfer information from computers running the Internet Explorer Web browser versions listed. According to Microsoft "the flaw occurs because the security checks that Internet Explorer carries out when particular object caching techniques are used in web pages are incomplete. This could have the effect of allowing a website in one domain to access information in another, including the user's local system. Exploiting the vulnerability could enable an attacker to read, but not change, any file on the user's local computer. In addition, the attacker could invoke an executable that was already present on the local system. The attacker would need to know the exact location of the executable, and would not be able to pass parameters to it. Microsoft is not aware of any executable that ships by default as part of Windows and, when run without parameters, could be dangerous."

On the same day Microsoft issued a patch for Outlook 2002 (not Outlook Express). A flaw exists in the way that Outlook 2002 processes email header information that could allow an attacker to send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances.

Microsoft rated both these flaws as "moderate" threats, but recommends that all users apply the appropriate patches. This rating (in relation to the Internet Explorer vulnerability) drew criticism of Thor Larholm, a vulnerability researcher with security consultancy Pivx Solutions, who posted on the BugTraq forum: "Great, so arbitrary command execution, local file reading and complete system compromise is now only moderately severe, according to Microsoft."

To me it seems he is quite right, and I would urge all Windows-Help.NET Newsletter readers to treat this as "critical" instead, and apply the patch immediately. More info on the availability of the patch can be found below.

Instead of just seeing text, you'll be hearing your friends talk to you in a voice you assign to them. You can also adjust the speed or pitch of incoming messages for each buddy. IM Speak! can also speak any text from your clipboard, import new voices for buddies, and work with translation dictionaries to translate incoming text into different languages and accents. IM Speak! is compatible with MSN and AOL IM.

download [5.02 MB] a trial version now!

*Requires Sound card and speakers
*Requires Microsoft Internet Explorer 4.0 or later
*Compatible with Windows 98 through XP

Microsoft Security

December 2002 Cumulative Patch for Internet Explorer 5.5 and 6.0

Microsoft released a cumulative patch for Internet Explorer 5.5 and 6.0. In addition to including the functionality of all previously released patches for Internet Explorer 5.5 and 6.0, it also eliminates a newly discovered flaw in Internet Explorer's cross-domain security model.

Affected Software Versions

  Highlights

Video Games and Kids -- Part 3

Should you preview your pre-teens' gaming selections?

Read Full Article
Windows XP Tips: Getting Started

I started with a series of tips aimed more at the starting Windows XP user. These are just examples of how you can change your Windows experience with just a few mouse clicks. These simple tips won't include any registry changes; those are reserved for the more advanced Customizing Windows XP tips.

Users with Windows XP on a portable computer might want to read the tip Choose a Power Scheme however, there's some interesting information there how your CPU will behave which isn't very well known.
InfiniSource Windows TechFiles

The Windows TechFiles provide more in-depth coverage of various issues encountered in the everyday use of the Windows operating systems. In this regard they differ from our Windows-Help.NET site, where you will find mostly Tips & Tricks, quick and easy to follow solutions for specific problems. If you have a specific problem which is not addressed in the TechFiles, head over to our Windows-Help.NET site to see if your solution is there!

InfiniSource Windows TechFiles
OpenOffice.org--as good as Microsoft Office?

Can a free office suite be as good as Microsoft's venerable--and market-leading--Office?

ZDNet Article
Tell a friend about this Newsletter!

Need Help with Windows? Ask questions here!

FREE Software!

  Web Site

Windows-Help.NET
Support BBS
Windows 95
Windows 98
Windows Me
Windows 2000
Windows XP

InfiniSource.com
IRC Info
'Net Humor
Search Engines
Shareware Links
Software Store
TechFiles Index
Web Design

Rose City Software
RCS Summaries
Be a Beta tester
List With Us

  Subscribe Free

Back Issues, unsubscribing etc.

This Newsletter is also available on-line. You can view previous issues in the on-line archive.

Windows-Help.NET News is a weekly publication of Windows-Help.NET. We respect your online time and Internet privacy. If you would prefer not to receive this newsletter, just reply to this e-mail. You will receive a confirmation of your removal.

To change your e-mail address, simply follow the instructions to unsubscribe, and re-subscribe using your new e-mail address. You will receive instructions on how to subscribe with your confirmation of removal when you unsubscribe.

Copyright© 2002, Windows-Help.NET. All rights reserved.

Windows-Help.NET is a division of InfiniSource, Inc.