Multiple Vulnerabilities Reported in IE
by Arie Slob
Hello Windows users,
Microsoft's Internet Explorer continues to be the "weak link" in computer security. Time & time again new vulnerabilities are found, which are then (hopefully) fixed by Microsoft after some time.
Internet Explorer has received an incredible amount of patches over time. If we look at this year alone:
- Feb. 05: MS03-004 - Cumulative Patch (2 new vuln. patched)
- Feb. 12: MS03-004 - (Revised Patch)
- Apr. 23: MS03-015 - Cumulative Patch (4 new vuln. patched)
- Jun. 04: MS03-020 - Cumulative Patch (2 new vuln. patched)
- Aug. 20: MS03-032 - Cumulative Patch (2 new vuln. patched)
- Oct. 03: MS03-040 - Cumulative Patch (2 new vuln. patched)
- Nov. 12: MS03-048 - Cumulative Patch (5 new vuln. patched)
If you are in any position to dump Internet Explorer, and choose another browser, that might be a good thing to do. It's not that other browsers don't have vulnerabilities, but for sure not at the rate that Internet Explorer is showing! Unfortunately not every one will be in a position to dump IE, for example many banks insist that you can only use online banking with the Microsoft browser.
You can avoid some problems by following the instructions in an article I first published a few years ago called How to surf the Internet more safely with Internet Explorer
This week, Danish security company Secunia Ltd. announced another five vulnerabilities in Internet Explorer 6 that when used together could allow hackers to compromise a users computer. The flaws are all related to Active Scripting, which is enabled by default. In my document linked above, I explain how to disable this (and other settings) for basic Web browsing. If you would need Active Scripting (Windows Update uses it for example), you can follow the instructions to enable it on a case-by-case base.
The security flaws were originally discovered by a Chinese Liu Die Yu, who published the vulnerabilities and proof of concept evidence.
According to reports, Microsoft is said to be concerned that the new reports of vulnerabilities in IE were not disclosed responsibly (meaning that they where not contacted, but instead the vulnerabilities where just disclosed on the Internet). Microsoft is said to be looking into the vulnerabilities, and could add a fix in next months security update cycle.
Recommended Book: Windows XP Hacks
Our Price: $17.47
You Save: $7.48 (30%)
Paperback, 286 pages
Publication date: Sept. 2003
Wireless Hacks offers 100 industrial-strength tips about wireless networking, contributed by experts who apply what they know in the real world every day. Each hack can be read in just a few minutes, but can save you hours of research. Written for the intermediate to advanced wireless user, Wireless Hacks is full of practical, ingenious solutions to real-world networking situations and problems. Whether your wireless network needs to extend to the edge of your office or to the other end of town, this collection of nonobvious, "from the field" techniques will show you how to get the job done.
The author clearly loves to tinker, as seen from the section on designing and building your own antennas.
To Order: USA | EU (£12.25)
Recent Support BBS Postings
XP command line tutorial? - Windows XP
Serial-ATA - Hardware
Can't "Open" Files when downloading with IE - Internet Explorer
Poll: Your favorite hard drive - Hardware
My computer not in My Workgroup... - Networking
Web Site Updates
These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Updated: Tweaking Toolbox XP version 1.50 released
Updated: Windows XP, Installing and Setup
Security At Microsoft: IT Showcase Technical White Paper
Microsoft is sharing its internal IT security practices with everybody who like to read. This white paper describes what Microsoft's Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. This asset protection takes place through a formal risk management framework, risk management processes, and clear organizational roles and responsibilities. The basis of the approach is recognition that risk is an inherent part of any environment and that risk should be proactively managed. The principles and techniques described in this paper can be employed to manage risk at any organization.
Windows Server 2003, Windows XP
Download White Paper [505 KB]
Windows XP Updates
On this page you'll find links to patches & downloads for Windows XP. I do not include security patches, those will always be listed on our Windows XP Home page, or elewhere on the site.
Read Full Article
InfiniSource TechFile: Internet Connection Sharing (ICS)
Microsoft's Windows 98 Second Edition (as well as Windows 2000 & Windows XP) include a feature, called Internet Connection Sharing (ICS).
With ICS you can share a single Internet Connection across your (home) network, making it easier to connect to the Internet from your Networked computers.
Read Full Article
Tell a friend about this Newsletter!
Need Help with Windows? Ask your questions here!
Our Web Sites
Rose City Software