Microsoft warns of IE,Outlook flaws
Results 1 to 7 of 7

Thread: Microsoft warns of IE,Outlook flaws

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    508

    Microsoft warns of IE,Outlook flaws



    Microsoft has warned of new security glitches in some of its Internet software that could expose sensitive data.





    The company said a glitch could allow hackers to pilfer information from computers running versions of its Internet Explorer Web browser. The Internet Explorer security hole affects versions 5.5 and 6 for Windows. IE 5.01 is not affected by the glitch.

    A second problem striking Microsoft's Outlook 2002 e-mail program could let a hacker deny user access to the program. The hacker could do this because a "vulnerability exists in Outlook 2002 in its processing of e-mail header information," according to a Microsoft security bulletin.

    Outlook 2002, which is included with Office XP, is affected by the flaw, but Outlook 98, 2000 or Outlook Express are not. Microsoft did not say whether Outlook 11, which is in the hands of about 12,000 beta testers, is vulnerable to the exploit.

    The company rated the security glitches as "moderate" threats but recommended all consumers apply patches to prevent hacker attacks.

    The new IE glitch comes less than two weeks after the discovery of a more serious security hole that exposed millions of Web servers and PCs to potential hacking. That flaw likely hampered the more than 4 million Web sites using Microsoft's Internet Information Server software.

    The new security hole exists because "the security checks that Internet Explorer carries out when particular object caching techniques are used in Web pages are incomplete," according to a Microsoft bulletin. "This could have the effect of allowing a Web site in one domain to access information in another, including the user's local system."

    Using the exploit, a hacker could create a Web site that stores information in the browser's cache that would take the Internet user to a different Web address or domain. The hacker also could deliver this "Web object" in Hypertext Markup Language (HTML)-formatted e-mail either opened by the user or simply displayed in Outlook Preview. Outlook Express 6 and Outlook 2002 are not vulnerable to this exploit when used in their default configurations.

    The hacker would be able to read any files on the computer or launch programs for which he or she knew the exact location on the compromised system. The hacker would not be able to place programs on the invaded computer or change or delete files, according to Microsoft.

    Microsoft has posted a patch for the Internet Explorer flaw. The patch, which is cumulative for other security bugs, can be applied to Internet Explorer 5.5 with Service Pack 2 installed and to IE 6.

    In October, GreyMagic Software reported eight security vulnerabilities it deemed "critical" because of a flaw in how Internet Explorer caches Web objects. Wednesday's patch addresses in part the vulnerabilities uncovered by GreyMagic.
    wow I just read this site http://www.zdnet.com.au/newstech/sec...0270499,00.htm it's seriously security hole IE...
    Not an image or image does not exist!
    Not an image or image does not exist!

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    I love micro-soft's interpretation of thing. An attacker can access any information on your computer and run any program they was but the risk is moderate
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    126
    At the risk of sounding smug.

    This is exactly the reason why I recommend that people use browsers, and email clients that are not Microsoft's products.

    I use Pegasus for email, and Mozilla as my Browser. I know there are bugs in mozilla, but I'm also aware of the evangelistic approach that Mozilla developers take to patches.

    regards

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Originally posted here by bofhandpfy
    I'm also aware of the evangelistic approach that Mozilla developers take to patches.

    regards
    What do you mean by this? I use/love Mozilla, please explain?
    yeah, I\'m gonna need that by friday...

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    126
    Doh! choose the wrong word, and get people confused

    sorry tampabay

    the developers over at Mozilla consider it to be part of the selling point of Mozilla that patches are released as swiftly as possible

  6. #6
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    I took the plunge and loaded SP1 for xp and ie6. It was a nightmare until I finally got everything straightened out. I'll pass on any future service packs and rely on my antivirus and firewall. I use another browser and have a couple of free email accounts, too, which takes care of any Outlook problem. I'm all done with loading any more MS stuff on this machine.

  7. #7
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Microsoft has posted a patch for the Internet Explorer flaw. The patch, which is cumulative for other security bugs, can be applied to Internet Explorer 5.5 with Service Pack 2 installed and to IE 6
    Some time ago I used to manage a relatively small business LAN. As if 3 computers, 3 different OS's, 2 different virus softwares installed, no firewalls, and one badass virus running around the system called Nimda, the LAST thing I wanted to worry about was my IE 5.5.
    So, I installed these patches.......and came to a wonderful conclusion,
    Microsoft must be the only company on the planet, that can take a perfectly good working browser, and offer security updates that then proceed to crash my browser. Nice.
    The patches did work as promised though....
    I mean, how can you hack a computer that can't even get online?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides