Windows-Help.NET Newsletter 07 Dec. 2002, Vol 5 No. 49

In this issue:

  • More IE & Outlook flaws
  • Microsoft Security Bulletin
  • Recent Support BBS Postings
  • Web Site Updates
  • Administrivia


More IE & Outlook flaws

by Arie Slob

Hello Windows users,

Just a few weeks ago, Microsoft issued the "November Cumulative Patch for Internet Explorer" as I reported in the Newsletter of the 23rd November.

This week saw the release of the "December Cumulative Patch for Internet Explorer", this time for Internet Explorer versions 5.5 and 6.0 (version 5.01 was not affected).

The new patch was needed because a new security flaw was spotted that could allow hackers to pilfer information from computers running the Internet Explorer Web browser versions listed. According to Microsoft "the flaw occurs because the security checks that Internet Explorer carries out when particular object caching techniques are used in web pages are incomplete. This could have the effect of allowing a website in one domain to access information in another, including the user's local system. Exploiting the vulnerability could enable an attacker to read, but not change, any file on the user's local computer. In addition, the attacker could invoke an executable that was already present on the local system. The attacker would need to know the exact location of the executable, and would not be able to pass parameters to it. Microsoft is not aware of any executable that ships by default as part of Windows and, when run without parameters, could be dangerous."

On the same day Microsoft issued a patch for Outlook 2002 (not Outlook Express). A flaw exists in the way that Outlook 2002 processes email header information that could allow an attacker to send a specially malformed e-mail to a user of Outlook 2002 that would cause the Outlook client to fail under certain circumstances.

Microsoft rated both these flaws as "moderate" threats, but recommends that all users apply the appropriate patches. This rating (in relation to the Internet Explorer vulnerability) drew criticism from Thor Larholm, a vulnerability researcher with security consultancy PivX Solutions, who posted on the BugTraq forum: "Great, so arbitrary command execution, local file reading and complete system compromise is now only moderately severe, according to Microsoft."

To me it seems he is quite right, and I would urge all Windows-Help.NET Newsletter readers to treat this as "critical" instead, and apply the patch immediately. More info on the availability of the patch can be found below.



Microsoft Security

December 2002 Cumulative Patch for Internet Explorer 5.5 and 6.0

Microsoft released a cumulative patch for Internet Explorer 5.5 and 6.0. In addition to including the functionality of all previously released patches for Internet Explorer 5.5 and 6.0, it also eliminates a newly discovered flaw in Internet Explorer's cross-domain security model.

Affected Software Versions

  • Microsoft Internet Explorer 5.5 and 6.0


E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail

Microsoft released a patch for Microsoft Outlook 2002, which contains a bug that an attacker could use to cause the Outlook client to fail under certain circumstances.

Affected Software Versions

  • Microsoft Outlook 2002


Recent Support BBS Postings

  • IP Configuration (trouble shooting) - Windows XP
  • Outlook Express Auto responding? - Internet Explorer
  • Haven't Formatted in 7 Years - General Discussions
  • Digital cameras opinions - General Discussions
  • Automatic windows logon... where'd it go? - Windows XP

Web Site Updates

These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.

  • Added: Video Games and Kids -- Part 3
  • Added: Microsoft Security: December 2002 Cumulative Patch for Internet Explorer 5.5 and 6.0
  • Added: Microsoft Security: E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail

Windows XP

  • Added: Create a Password Recovery Disk
  • Added: Display the Quick Launch Bar
  • Added: Change the Look of the Control Panel
  • Added: Change the Look of the Start menu
  • Added: Choose a Power Scheme

Highlights

Video Games and Kids -- Part 3

Should you preview your pre-teens' gaming selections?

Windows XP Tips: Getting Started

I started with a series of tips aimed more at the starting Windows XP user. These are just examples of how you can change your Windows experience with just a few mouse clicks. These simple tips won't include any registry changes; those are reserved for the more advanced Customizing Windows XP tips.

Users with Windows XP on a portable computer might want to read the tip Choose a Power Scheme, however; there's some interesting information there on how your CPU will behave, which isn't very well known.

InfiniSource Windows TechFiles

The Windows TechFiles provide more in-depth coverage of various issues encountered in the everyday use of the Windows operating systems. In this regard they differ from our Windows-Help.NET site, where you will find mostly Tips & Tricks, quick and easy to follow solutions for specific problems. If you have a specific problem which is not addressed in the TechFiles, head over to our Windows-Help.NET site to see if your solution is there!

InfiniSource Windows TechFiles good as Microsoft Office?

Can a free office suite be as good as Microsoft's venerable--and market-leading--Office?

ZDNet Article