To change the Google theme of the afternoon…. Microsoft is due to release their April updates this coming Tuesday (April 11th.) Advance bulletin is here. Four updates affecting Windows, one affecting Office AND Windows. Highest severity is Critical (Explorer flaw probably) Reboot will be required… The Office/Windows update MAY require a reboot and is listed as Moderate.
Tag: internet explorer
-
IE exploit unofficial patches
While we wait for Microsoft to release a patch for the MOST recent Internet Explorer vulnerability….. it looks as though MS is “planning” to release a patch on their routine patch day of April 11th. (However they could always change their mind…) As before though there are some 3rd party patches. I’ve got to say I’m slightly uncomfortable with the prospect of a third party patch when there are workarounds (use another browser, disable active scripting….) However, for some those aren’t enough options. I know of two unofficial patches.
-
Internet based filesystem with no transfer fees
I thought this was a great idea…. rsync.net Okay for 2$ per GB of storage per month (or $24 per year for 1GB of storage) you can have your very own secure online storage drive. For you windows users think of a G: drive or a Z: drive that you could SECURELY connect to from a home machine and a work machine…. If you’re concerned about a catastrophic failure of one of their datacenters, then pay $3.50/GB/month for a more geographically dispersed plan (uses redundant data centers..) The best parts (I think) are this…. ssh encrypted connection to your drive and no transfer fees.
-
Update on Internet Explorer Exploit in the wild
If you use Internet Explorer to browse the web, I’d suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft’s infinite wisdom that “Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”…. the reality is that legitimate sites have been hacked and the malicious code has been added. (Over 200 legit sites…)
-
Outlook Express Cumultaive Security Update KB837009 will not install
I’ve run into this in the last few days too. (In spite of the fact that it’s an OLD update (April 13, 2004?) MS04-013…. I think on the last visit (and my first one to this machine) we had probably forced a visit to Windows update (which I think it may not have seen before…) Anyway, this is a Windows 98 system and the last update probably brought along Internet Explorer 6 SP1 along with Outlook Express. There was one update that would appear as being necessary on every visit to the Windows update site. The update was KB837009 and was listed as “Cumulative Security Update for Outlook Express 6 Service Pack 1″…
-
Microsoft was aware of the WMF vulnerability “for years”
Bugtraq has an interesting post which picks up on a note in Stephen Toulouse’s latest entry on the WMF vulnerability. When I first read the post I was more interested in the way he was responding to allegations of the flaw being an intentional backdoor, but the above bugtraq post points out and makes points on an implication that I missed….. (emphasis is mine…)
“The potential danger of this type of metafile record was
recognized and some applications (Internet Explorer, notably)
will not process any metafile record of type META_ESCAPE,
the overall type of the SetAbortProc record.” -
Google Search Boxes
I’ve been tinkering with placement of Google Search boxes on the site. These days, with a google search box in Firefox, I don’t think about the convenience factor of putting it in the page too much, but…. At one point I had the box in the sidebar and it did strange rendering things for Internet Explorer, I think the new placement(s) shouldn’t give any problems.
-
WMF exploit vs. Windows 98 again…
If you’ve visited here in the last few days, you’ll have noticed that I’ve been trying to test the WMF exploit against a Windows 98 Virtual machine since January 1st. I initially started out with a default install, which didn’t work, (for the exploit), then added irfanview (didn’t work), tried the exploit as a jpg, gif, htm, doc file extension, (didn’t work) and then this morning saw that I’m not the only one that’s been testing this….
-
Network Security guide for the home or small business network – Part 20 heterogeneous networks
One thing I’ve already mentioned in this serious is using alternative programs like Mozilla Firefox instead of Internet Explorer, or Thunderbird, Eduora instead of Outlook Express. Even if you’re not using alternative software as your primary web browser, email program there are advantages to having networks with mixed software, operating systems and even mixed network hardware. Back when the blaster worm hit, there were stories of businesses paralyzed when every Windows XP machine in the place (read – EVERY machine in the place) could not stay up long enough to download a fix. In order to get a fix they had to get online to find out about it and it was crashing within 30 seconds of booting.
-
http://60.topnssearch.com popups in infestation
One other note from the previous series on WMF exploit infestation cleanup. Among the multiple popups that came when launching internet explorer, most were directed at the site http://60.topnssearch.com –