In this issue:
Microsoft Issues New Security Patch, Fights 'Zero-Day' exploits
by Arie Slob
Hello Windows users,
On the 26th September Microsoft issued a patch for a very serious security issue that affects Internet Explorer 5 & 6. For details please see Microsoft's security Bulletin MS06-055.
The patch fixes a critical vulnerability in the way Internet Explorer (and some versions of Outlook) renders VML (Vector Markup Language) graphics.
According to Verisign's iDefense Rapid Response Team there are already over 3,000 Web sites infecting users with malware that exploited the VML bug. By persuading a user to access a specially crafted HTML document, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or cause a denial of service condition in Internet Explorer.
On the 5th October Microsoft updated the MS06-055 security bulletin to include Microsoft Windows 2000 Service Pack 4 as being affected.
Microsoft is also currently investigating another vulnerability for which exploit code already exists. This time the vulnerability is in Windows Shell that - when exploited - could allow remote code execution. Microsoft have issued a Security Advisory 926043 in which they state that they are currently working on a security patch which is scheduled to be released October 10th as part of the 'normal' monthly patch cycle.
But that's not all… Microsoft is also investigating public reports of limited 'zero-day' attacks using a vulnerability in Microsoft PowerPoint 2000/2002/2003, as well as Microsoft PowerPoint 2004 and v. X for Mac.
A 'zero-day' attack is an exploit that is being released before or on the same day that the vulnerability becomes public knowledge.
You can read more about PowerPoint vulnerability in Microsoft Security Advisory 925984.
Windows XP SP1: No Longer Supported
Next Tuesday, October 10, 2006 marks the end of the road for Windows XP Servica Pack 1 (SP1). After this date, customers still running on SP1 will find themselves stranded without any further security updates.
If you still have not installed SP2 (which was released September 17, 2004), you might want to considder doing so.
Recent Support BBS Postings
Recommended Web sites
Each month we will feature a few Web sites here, ones which sent us the most visitors to our Web site in the previous month. We would encourage you to visit these popular Web sites yourself!
Here are some sites in the Top 15 for September 2006:
The Top 15 sites are listed on our Web site.
Back Issues, unsubscribing etc.
This Newsletter is also available on-line. You can view previous issues in the on-line archive.