Windows-Help.NET Newsletter 03 July 2004, Vol 7 No. 23

In this issue:

w   Microsoft releases Critical IE configuration change
w   Recommended Web Sites
w   Recent Support BBS Postings
w   Administrivia

 
To eliminate unwanted email from ALL sources use SpamArrest!
 

Microsoft releases Critical IE configuration change

by Arie Slob

Hello Windows users,

Microsoft has confirmed a report of a security issue known as Download.Ject affecting customers using Microsoft Internet Explorer, a component of Microsoft Windows.

Last Friday, Microsoft released a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address this issue (Windows 9x/Me have now also been addressed). Microsoft strongly encourages users to apply this configuration change immediately to help protect their computers.

You can get the update from the WindowsUpdate Web site.

The initial discovery of this vulnerability came when on Thursday, June 24, 2004, Microsoft responded to reports that some customers running IIS 5.0 (Internet Information Services), a component of Windows 2000 Server, were being targeted by malicious code, known as "Download.Ject." Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack -- a Web server located in Russia -- and shut it down on Thursday, June 24, 2004.

The vulnerability is caused when an existing functionality was combined with known security vulnerabilities in Microsoft Internet Explorer. An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.

Microsoft also made this update available for Windows Millennium Edition, Windows 98, and Windows 98 Second Edition under the extended support for critical security issues.

You can find more information on this update, including a way to manually secure your PC in Microsoft Knowledge Base Article 807669.

You should also visit the What You Should Know About Download.Ject Web page, this contains additional information, including how to determine if your computer has been infected with the malicious code.

Note: Users of Windows XP Service Pack 2 Release Candidate 2 (Windows XP SP2 RC2) are not at risk.

Give your comments on this article.

Recommended Web sites

Each month we will feature a few Web sites here, ones which sent us the most visitors to our Web site in the previous month. We would encourage you to visit these popular Web sites yourself!

Here are some sites in the Top 15 for June 2004:

  • Java Tester - Java infirmation Web site.
  • VIA Arena - Official VIA forums.
  • ZoneLabs - Zone Labs User Forum.
  • SWI Forums - SpyWareInfo forums.

    The Top 15 sites are listed on our Web site.

    Recent Support BBS Postings

    Can't Hide My Language Toolbar - Windows XP
    Archiving emails & reading elsewhere later? - IE / Outlook Express
    Problem trying to connect an ADSL modem to a hub - Networking
    USB or PS2 Mouse - Hardware
    Can't remove "My Documents" from Desktop - Windows XP

    •   Highlights

    Increase Your Browsing and E-Mail Safety

    4 Steps to Help Ward Off Hackers and Attackers

    By increasing your security settings in Microsoft Internet Explorer, Microsoft Outlook, and Microsoft Outlook Express, you can help limit your chances of being attacked.

    Read Microsoft Article

    Recommend This Newsletter!

    Do you enjoy reading this Newsletter? Then why not tell your friend(s) about it? We have a handy Web form where you can just enter your name & email address together with your friends name & email address, and we'll send him your recommendation!

    Recommend this Newsletter!

    Windows XP Tip: Using & Tuning ClearType Font Smoothing

    ClearType triples the horizontal resolution available for rendering text through software so that the result is clearer display of text on a Liquid Crystal Display (LCD) screen with digital interface. But don't let that lead you to believe it's only good on an LCD display! If you have a good quality CRT display, you may also benefit from ClearType.

    Read Full Article

    MSN launches revamped search engine

    Microsoft is expected to take its first baby steps on the road to Web search independence, with the launch of a homegrown Internet search tool and changes to its Internet search engine.

    Read C|Net Article

    Tell a friend about this Newsletter!

    Need Help with Windows? Ask your questions here!

    FREE Software!

      Our Web Sites

    Windows-Help.NET
    WindowsBBS.com
    InfiniSource.com
    Rose City Software

      Subscribe Free

    IT Professionals
    Microsoft MCSE
    Wireless network products
    FREE Stuff

    Lots More Great Mailing Lists!

    Enter E-mail address HTML E-mail?
    Yes No
    Zip Code:



    Subscribers to these free lists will receive occasional e-mail announcements of special offers relating to each topic of interest indicated above!

    Back Issues, unsubscribing etc.

    Windows-Help.NET Newsletter Current Issue

    This Newsletter is also available on-line. You can view previous issues in the on-line archive.

    Windows-Help.NET News is a weekly publication of Windows-Help.NET. We respect your online time and Internet privacy. If you would prefer not to receive this newsletter, just reply to this e-mail. You will receive a confirmation of your removal.

    To change your e-mail address, simply follow the instructions to unsubscribe, and re-subscribe using your new e-mail address. You will receive instructions on how to subscribe with your confirmation of removal when you unsubscribe.

    Copyright© 2004, Windows-Help.NET. All rights reserved.

    Windows-Help.NET is a division of InfiniSource, Inc.