June’s Security Updates for Windows Include IE, Outlook and Telnet - 1,883 Views, 2 Comments
|
Previous Article « Free American Flags in Honor of Flag Day from AmericanFlag.com
Read Next Article » Newest AIM Opanki Worm says “LOL Look at Him”
The second Tuesday of each month heralds Microsoft’s monthly Security Updates for Windows. This month’s batch includes security updates for Internet Explorer, Outlook Express, Telnet, and HTML Help, to name a few. The update for Outlook Express affects OE primarily when it is used as a newsgroup reader. In that mode, says Microsoft, an attacker could “exploit the vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. An attacker who successfully exploited this vulnerability could take complete control of an affected system.” The Internet Explorer update is a real gotcha. Microsoft says that it’s critical, but they also say that the update can cause the following known issues: A) in Microsoft Windows XP with Service Pack 2 and in Microsoft Windows Server 2003 with Service Pack 1, the Add or Remove Programs item in Control Panel lists software updates. Add or Remove Programs lists software updates under the name of the product that they update. In Windows XP with Service Pack 2, Add or Remove Programs lists this update under Windows XP - Software Updates. In Windows XP with Service Pack 2, Add or Remove Programs does not show Installed On information for this software update. Therefore, this software update does not appear in the order of installation. Instead, this software update appears at the top of the Windows XP – Software Updates lists, and B) in some Windows Media High Definition Video (WMV HD) DVDs, a chapter does not play when you click the chapter in Microsoft Windows Media Player after you install this security update. So what happens if you don’t apply the new Internet Explorer security update? Well, first, an attacker could take advantage of a PNG image rendering vulnerability “by constructing a malicious PNG image that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.” Second, an attacker may exploit an XML security hole “by constructing a malicious Web page that could potentially lead to information disclosure if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could read XML data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability. So which is better? The devil you know, or the devil you don’t? Next up is a vulnerability in HTML Help which can allow someone to take complete control of your system . Ick. There is also an announced vulnerability in the Windows Telnet program. If you ever use that (and even if you don’t, as you never know when someone else may grab at telnet session on your machine), you should be sure to install this update. All of the above affect many flavours of Windows, primarily XP, 2000, and Server 2003, and so you should follow the below links and do what’s necessary to secure your Windows system. In addition, below these four links, are links to the other six security updates which Microsoft put out for June. Security Update for Outlook Express Security Update for Internet Explorer Additional updates: Security Update for ISA Server 2000 Security Update for Microsoft Agent Spoofing Issue Security Update for Step-by-Step Interactive Training Vulnerability Security Update for Exchange Server 5.5
Follow Anne on Twitter
June’s Security Updates for Windows Include IE, Outlook and Telnet
Twitter Explained in Plain English
Previous Article « Free American Flags in Honor of Flag Day from AmericanFlag.com
Read Next Article » Newest AIM Opanki Worm says “LOL Look at Him”
Read more:
» Outlook Express Flaw Elevated to Higher Risk
» Microsoft Windows Security Updates for October - 3 Critical!
» Beware the Fake Microsoft Windows Update Patch W32.Pinfi!
» Windows Media and Outlook Express Both at High Risk
For additional similar stories check out our archives on Security, Windows
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
I applaud the “Magic 8 Ball” picture. That made me laugh.
Comment by The Mu — 6/15/2005 @ 4:53 pm
Why not just download Firefox, disable IE and be done with it? Yes, Fx has its flaws too, but since it’s a stand alone program, not an integral part of the OS like IE, its flaws are far less likely to cause major problems. They also tend to be fixed quicker, in my experience.
Comment by Bill — 6/22/2005 @ 4:43 am