Newly discovered flaws in both Outlook and Internet Explorer (IE) were uncovered and announced over the weekend. The security holes are considered to be especially “high risk” in part because they require little to no user interaction in order for a third-party to exploit them. The security flaws exist in the default installations of Windows XP, Windows 2000, Windows NT 4.0, and Windows Server 2003.
A Windows user’s computer can become infected through these holes by doing nothing more than web surfing to a site which is infected.
“If a user is tricked (into going) to a site carrying malicious code, they can become infected by just surfing across a banner ad,” according to Ben Nagy, a senior security engineer with eEye Security, which discovered and announced the flaws.
While Microsoft has been made aware of the issue, a Microsoft spokesperson stated that “At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue.” She added that “Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs.”
Nagy of eEye confirms this, saying that “Microsoft has acknowledged a vulnerability does exist and is real, but I doubt they will release a patch out of (their monthly) cycle.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
So what can the end user do in the meantime, besides cross their fingers and hope that this doesn’t happen to them? Well, perhaps the most important is to not open email if it’s not email from someone or somewhere you know – you know, if it seems like it’s likely to be spam, and to especially not click on links inside such email.
And wait for Microsoft’s next patch.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Excerpt from interview with Microsoft Rep:
http://www.washingtonpost.com/wp-dyn/articles/A38496-2004Aug27.html
Washington, D.C.: What specifically does Microsoft Homeland Security do? Sell software? Services?
Tom Richey: Our goal has been to assist in the development of technology to help detect, prevent, and deter terrorist activity in both small and large cities – linking everyone from the top intelligence official to the cop on the street – in a worldwide effort to stay one step ahead of those who threaten America.
My comments on this matter can be easily dismissed as the delusional ramblings of a parinoid conspiracy theorist, however I challenge everyone to provide evidence which proves me wrong. Windows does not have security flaws, what it does have is access methods which are included by design. While this is still only a theory, it based entirely on the facts. Microsoft was found guilty of antitrust violations. The guilty verdict was upheld by the appelate courts. Microsoft was not sentenced for the crimes. The DOJ allowed the guilty party to negotiate their punishment. In return Microsoft agreed to include easy access methods whereby “Big Brother” can easily read our files and monitor our onlne activities. When security experts discover these access methods the “gullible majority” still believe that a security flaw exists.