Subject: Multiple Windows Security Problems
Date: Mon, Aug 19 2002 -- 3:47 PM
Posted by: Mara's Staff Account
Multiple Windows Security Problems
All Windows users should read this notice carefully. In the
last two days, two major security vulnerabilities with Microsoft
Windows products were announced.
Vulnerability #1 means that your computer can be compromised simply
by viewing email or accidentally visiting a malicious web site. The
vulnerability works by bypassing warnings that you are going to run
a .EXE or other executable file.
Vulnerability #2 means that any Windows XP system plugged into the
Internet can be fully compromised by anyone in the world. Windows
XP was released in late October and is likely to be preinstalled on
recently purchased computers.
Panix urges all affected customers to upgrade their machines
immediately, as instructed by Microsoft's advisories (see below).
We further recommend that customers explore alternatives to MS
Outlook and Internet Explorer, as we believe both products will
continue to be vulnerable to these kinds of issues.
Here are links with more information and patches:
(1) - Internet Explorer 6.0 and/or Outlook allow execution of
malicious code:
http://www.microsoft.com/technet/security/bulletin/MS01-058.asp
http://www.cert.org/advisories/CA-2001-36.html
(2) - Windows XP (and some ME/98) can be remotely exploited via buggy
UPNP service.
http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
http://dailynews.yahoo.com/h/ap/20011220/tc/microsoft_hackers.html
http://www.eeye.com/html/Research/Advisories/AD20011220.html
| |
