In this issue:

• Microsoft Issues New Security Patch, Fights 'Zero-Day' exploits
• Windows XP SP1: No Longer Supported
• Recent Support BBS Postings
• Recommended Web Sites
• Administrivia

Microsoft Issues New Security Patch, Fights 'Zero-Day' exploits

by Arie Slob

Hello Windows users,

On the 26th September Microsoft issued a patch for a very serious security issue that affects Internet Explorer 5 & 6. For details please see Microsoft's security Bulletin MS06-055.

The patch fixes a critical vulnerability in the way Internet Explorer (and some versions of Outlook) renders VML (Vector Markup Language) graphics.

According to Verisign's iDefense Rapid Response Team there are already over 3,000 Web sites infecting users with malware that exploited the VML bug. By persuading a user to access a specially crafted HTML document, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial of service condition in Internet Explorer.

On the 5th October Microsoft updated the MS06-055 security bulletin to include Microsoft Windows 2000 Service Pack 4 as being affected.

Microsoft is also currently investigating another vulnerability for which exploit code already exists. This time the vulnerability is in Windows Shell that - when exploited - could allow remote code execution. Microsoft have issued a Security Advisory 926043 in which they state that they are currently working on a security patch which is scheduled to be released October 10th as part of the 'normal' monthly patch cycle.

But that's not all… Microsoft is also investigating public reports of limited 'zero-day' attacks using a vulnerability in Microsoft PowerPoint 2000/2002/2003, as well as Microsoft PowerPoint 2004 and v. X for Mac.

A 'zero-day' attack is an exploit that is being released before or on the same day that the vulnerability becomes public knowledge.

You can read more about PowerPoint vulnerability in Microsoft Security Advisory 925984.

Windows XP SP1: No Longer Supported

Next Tuesday, October 10, 2006 marks the end of the road for Windows XP Servica Pack 1 (SP1). After this date, customers still running on SP1 will find themselves stranded without any further security updates.

If you still have not installed SP2 (which was released September 17, 2004), you might want to considder doing so.

Recent Support BBS Postings

• How Fast is Fast Enough - Windows XP
• AD and GPO corrupt toool testing? - Windows Server System
• Network Hardware Advice (Switch on ADSL) - Networking
• XP Restore Points Missing - Windows XP
• New Microsoft Knowledge Base Articles

Recommended Web sites

Each month we will feature a few Web sites here, ones which sent us the most visitors to our Web site in the previous month. We would encourage you to visit these popular Web sites yourself!

Here are some sites in the Top 15 for September 2006:

• Wikipedia - The Free Encyclopedia.
• Macworld - Mac Forums.
• Tech Support Forum - Computer support discussion forum.
• Virtual Dr. - Support forums for Windows, Macintosh, BeOS, Unix and more.
• MSDN Blogs- Microsoft Developer Network Blogs.

The Top 15 sites are listed on our Web site.

Back Issues, unsubscribing etc.

This Newsletter is also available on-line. You can view previous issues in the on-line archive.