Serious bugs expose millions of Windows users
by Arie Slob
Hello Windows users,
In the past week, Microsoft released patches for a Windows component called Microsoft Data Access Components (MDAC), and a new cumulative update for Internet Explorer.
The MDAC patch particular is rated as critical, because the vulnerable version(s) could allow attackers to run code of their choice on your systems! It also enables controlled Internet access to remote data resources through Internet Information Services (IIS), Microsoft's Web server product. It is believed that the majority of the 4 million plus Web sites hosted on IIS are affected by this vulnerability.
The MDAC component is included by default as part of Windows XP, Windows 2000, and Windows Millennium Edition, but it is also available in stand-alone technology, and included in Microsoft Internet Explorer, so most Windows users are affected by this vulnerability. Although Windows XP includes the MDAC components this issue does not affect it.
Security company Foundstone Research Labs first discovered the vulnerability, and worked with Microsoft in developing a patch.
Microsoft recommends all users whose systems could be affected to take action immediately. According to Microsoft's security program manager Lynn Terwoerds, there is a possibility that a worm might exploit the vulnerability. Computers that are used to browse the Web or read email should install the patch immediately. This is also recommended for computers that host Web sites using IIS.
To install the update, visit the WindowsUpdate Web site, or download [814 KB] the patch (for Windows 98, Me, NT4 and 2000).
The MDAC patch is also discussed on our WindowsBBS Web site.
More information on the cumulative update for Internet Explorer below.
Watch over 700 channels of Internet TV, webcams, news and entertainment through your Internet connection. New stations are also added every month. Broadband *not* required... a dialup connection will work!
download [4.2 MB] a trial version now!
Microsoft Security
November Cumulative Patch for Internet Explorer
Microsoft released a cumulative patch for Internet Explorer that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, this patch eliminates six newly discovered vulnerabilities.
Affected Software Versions
Microsoft Internet Explorer 5.01, 5.5 and 6.0
More...
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
Microsoft released a patch for Microsoft Data Access Components (MDAC), which contains a bug that an attacker could cause data of his or her choice to overrun onto the heap.
Affected Software Versions
Microsoft Data Access Components (MDAC) 2.1, 2.5 and 2.6
Microsoft Internet Explorer 5.01, 5.5 and 6.0
More...
Recent Support BBS Postings
Virtual memory is dangerously low - Windows XP
November Cumulative Patch for Internet Explorer - Int. Explorer
Need free defrag util for Win 2k - Windows 2000
Installing a new hard drive - Hardware
BootDisk - Windows XP
Web Site Updates
These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.
InfiniSource.com
Added: Video Games and Kids -- Part 1
Windows-Help.NET
Added: Microsoft Security: November Cumulative Patch for Internet Explorer
Added: Microsoft Security: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
|
Highlights
Video Games and Kids -- Part 1
Are video games enriching our youngest childrens' lives or...
Read Full Article
Microsoft to simplify security alerts
To help customers, Microsoft will now create a less technical end-user security bulletin that they will post at a new Security Web site. Microsoft will continue to release the current security bulletins targeted to technical professionals. The new end-user security bulletins will describe straightforward steps that customers can take to help keep their systems secure.
"Customer feedback tells us that, while technical professionals value our security bulletins, many end-users find them overly detailed and confusing," Steve Lipner, director of Microsoft Security Assurance, wrote in the e-mail.
In addition, before year's end, Microsoft intends to create a new End User Security Notification Service that will notify customers of
security issues in end-user-oriented products and provide a link to the appropriate end-user security bulletin.
Tell a friend about this Newsletter!
Need Help with Windows? Ask questions here!
FREE Software!
Web Site
Windows-Help.NET
Support BBS
Windows 95
Windows 98
Windows Me
Windows 2000
Windows XP
InfiniSource.com
IRC Info
'Net Humor
Search Engines
Shareware Links
Software Store
TechFiles Index
Web Design
Rose City Software
RCS Summaries
Be a Beta tester
List With Us
Subscribe Free
|