The second Tuesday of each month heralds Microsoft’s monthly Security Updates for Windows. This month’s batch includes security updates for Internet Explorer, Outlook Express, Telnet, and HTML Help, to name a few.
The update for Outlook Express affects OE primarily when it is used as a newsgroup reader. In that mode, says Microsoft, an attacker could “exploit the vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”
The Internet Explorer update is a real gotcha. Microsoft says that it’s critical, but they also say that the update can cause the following known issues: A) in Microsoft Windows XP with Service Pack 2 and in Microsoft Windows Server 2003 with Service Pack 1, the Add or Remove Programs item in Control Panel lists software updates. Add or Remove Programs lists software updates under the name of the product that they update. In Windows XP with Service Pack 2, Add or Remove Programs lists this update under Windows XP – Software Updates. In Windows XP with Service Pack 2, Add or Remove Programs does not show Installed On information for this software update. Therefore, this software update does not appear in the order of installation. Instead, this software update appears at the top of the Windows XP – Software Updates lists, and B) in some Windows Media High Definition Video (WMV HD) DVDs, a chapter does not play when you click the chapter in Microsoft Windows Media Player after you install this security update.
So what happens if you don’t apply the new Internet Explorer security update?
Well, first, an attacker could take advantage of a PNG image rendering vulnerability “by constructing a malicious PNG image that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Second, an attacker may exploit an XML security hole “by constructing a malicious Web page that could potentially lead to information disclosure if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could read XML data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.
So which is better? The devil you know, or the devil you don’t?
Next up is a vulnerability in HTML Help which can allow someone to take complete control of your system . Ick.
There is also an announced vulnerability in the Windows Telnet program. If you ever use that (and even if you don’t, as you never know when someone else may grab at telnet session on your machine), you should be sure to install this update.
All of the above affect many flavours of Windows, primarily XP, 2000, and Server 2003, and so you should follow the below links and do what’s necessary to secure your Windows system.
In addition, below these four links, are links to the other six security updates which Microsoft put out for June.
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
Additional updates:
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
[Page no longer available – we have linked to the archive.org version instead]
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Why not just download Firefox, disable IE and be done with it? Yes, Fx has its flaws too, but since it’s a stand alone program, not an integral part of the OS like IE, its flaws are far less likely to cause major problems. They also tend to be fixed quicker, in my experience.
I applaud the “Magic 8 Ball” picture. That made me laugh.