Windows-Help.NET Newsletter 29 Nov. 2003, Vol 6 No. 40

In this issue:

w   Multiple Vulnerabilities Reported in IE
w   Recommended Book: Wireless Hacks
w   Recent Support BBS Postings
w   Web Site Updates
w   Administrivia

Verizon Online DSL.

Multiple Vulnerabilities Reported in IE

by Arie Slob

Hello Windows users,

Microsoft's Internet Explorer continues to be the "weak link" in computer security. Time & time again new vulnerabilities are found, which are then (hopefully) fixed by Microsoft after some time.

Internet Explorer has received an incredible amount of patches over time. If we look at this year alone:

  • Feb. 05: MS03-004 - Cumulative Patch (2 new vuln. patched)
  • Feb. 12: MS03-004 - (Revised Patch)
  • Apr. 23: MS03-015 - Cumulative Patch (4 new vuln. patched)
  • Jun. 04: MS03-020 - Cumulative Patch (2 new vuln. patched)
  • Aug. 20: MS03-032 - Cumulative Patch (2 new vuln. patched)
  • Oct. 03: MS03-040 - Cumulative Patch (2 new vuln. patched)
  • Nov. 12: MS03-048 - Cumulative Patch (5 new vuln. patched)

If you are in any position to dump Internet Explorer, and choose another browser, that might be a good thing to do. It's not that other browsers don't have vulnerabilities, but for sure not at the rate that Internet Explorer is showing! Unfortunately not every one will be in a position to dump IE, for example many banks insist that you can only use online banking with the Microsoft browser.

You can avoid some problems by following the instructions in an article I first published a few years ago called How to surf the Internet more safely with Internet Explorer

This week, Danish security company Secunia Ltd. announced another five vulnerabilities in Internet Explorer 6 that when used together could allow hackers to compromise a users computer. The flaws are all related to Active Scripting, which is enabled by default. In my document linked above, I explain how to disable this (and other settings) for basic Web browsing. If you would need Active Scripting (Windows Update uses it for example), you can follow the instructions to enable it on a case-by-case base.

The security flaws were originally discovered by a Chinese Liu Die Yu, who published the vulnerabilities and proof of concept evidence.

According to reports, Microsoft is said to be concerned that the new reports of vulnerabilities in IE were not disclosed responsibly (meaning that they where not contacted, but instead the vulnerabilities where just disclosed on the Internet). Microsoft is said to be looking into the vulnerabilities, and could add a fix in next months security update cycle.

  Recommended Book: Windows XP Hacks

Wireless Hacks

List: $24.95
Our Price: $17.47
You Save: $7.48 (30%)

Paperback, 286 pages
Publication date: Sept. 2003

In Association With

Wireless Hacks offers 100 industrial-strength tips about wireless networking, contributed by experts who apply what they know in the real world every day. Each hack can be read in just a few minutes, but can save you hours of research. Written for the intermediate to advanced wireless user, Wireless Hacks is full of practical, ingenious solutions to real-world networking situations and problems. Whether your wireless network needs to extend to the edge of your office or to the other end of town, this collection of nonobvious, "from the field" techniques will show you how to get the job done.

The author clearly loves to tinker, as seen from the section on designing and building your own antennas.

To Order: USA | EU (£12.25)

Recent Support BBS Postings

XP command line tutorial? - Windows XP
Serial-ATA - Hardware
Can't "Open" Files when downloading with IE - Internet Explorer
Poll: Your favorite hard drive - Hardware
My computer not in My Workgroup... - Networking

Web Site Updates

These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.

Updated: Tweaking Toolbox XP version 1.50 released


Windows XP

Updated: Windows XP, Installing and Setup


Security At Microsoft: IT Showcase Technical White Paper

Microsoft is sharing its internal IT security practices with everybody who like to read. This white paper describes what Microsoft's Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. This asset protection takes place through a formal risk management framework, risk management processes, and clear organizational roles and responsibilities. The basis of the approach is recognition that risk is an inherent part of any environment and that risk should be proactively managed. The principles and techniques described in this paper can be employed to manage risk at any organization.

System Requirements

Windows Server 2003, Windows XP
Microsoft Word

Download White Paper [505 KB]

Windows XP Updates

On this page you'll find links to patches & downloads for Windows XP. I do not include security patches, those will always be listed on our Windows XP Home page, or elewhere on the site.

Read Full Article

Microsoft Office 2003 Standard for Students and Teachers ($129.99 after rebate)

InfiniSource TechFile: Internet Connection Sharing (ICS)

Microsoft's Windows 98 Second Edition (as well as Windows 2000 & Windows XP) include a feature, called Internet Connection Sharing (ICS).

With ICS you can share a single Internet Connection across your (home) network, making it easier to connect to the Internet from your Networked computers.

Read Full Article

Tell a friend about this Newsletter!

Need Help with Windows? Ask your questions here!

FREE Software!

  Our Web Sites

Rose City Software

  Subscribe Free

IT Professionals
FREE Stuff
Windows XP
Windows XP Software
Windows XP Security
Windows XP Networking

Lots More Great Mailing Lists!

Enter E-mail address HTML E-mail?
Yes No
Zip Code:

Subscribers to these free lists will receive occasional e-mail announcements of special offers relating to each topic of interest indicated above!

Back Issues, unsubscribing etc.

Windows-Help.NET Newsletter Current Issue