That's a bit garbled, Andy. There is newly-reported vulnerability in Internet Explorer: when displaying a Web page that contains an unexpected createTextRange() method call to an HTML object, your PC's memory may be corrupted in such a way that an attacker could execute arbitrary code. This means that rootkits and/or keyloggers could be installed on your PC without your knowledge or consent. Several malicious web sites designed to exploit this vulnerability have been reported.
For this to happen 1. Internet Explorer's Active Scripting must be enabled 2. you must direct Internet Explorer to visit a malicious web site There is no way for an attacker to force you to visit a malicious site. There is no exposure in opening an email attachment or previewing an email messsage. However, navigating to a URL contained in a received email message or attachment could lead you to a malicious site. My understanding is that Microsoft will include a patch for this vulnerability in their April 12th security release. They claim to be monitoring the proliferation of malicious web sites, and say they will accelerate the patch release if necessary. Until then, be careful with URLs you don't recognize. Here's the URL for the relevant Microsoft Security Advisory: http://www.microsoft.com/technet/security/advisory/917077.mspx (its not malicious!) 73, Dave, AA6YQ http://www.microsoft.com/technet/security/advisory/917077.mspx --- In [email protected], "Andrew O'Brien" <[EMAIL PROTECTED]> wrote: > > From the BBC > > Microsoft warns on browser bugs > > Visit the wrong website and your computer could be compromised > Microsoft has urged consumers to be wary as three newly discovered > bugs leave people open to attack while using the internet. > All three flaws affect the software giant's Internet Explorer browser. > > Security firms said the vulnerabilities were already being targeted by > malicious hackers keen to catch out unsuspecting users. > > Microsoft said it would produce patches for the vulnerabilities in its > next security update due on 11 April. > > Attack vector > > The first of the problems discovered in Internet Explorer will simply > make the browser program crash if it is used to visit a specially > crafted webpage. > > The other two vulnerabilities are potentially more serious because > they can be used to take control of a victim's computer. > > Security firms said specially written websites and hijacked servers > were already being used to host the malicious code that uses the > loopholes to invade vulnerable machines. > > In security bulletins about the trio of bugs, Microsoft played down > the threat and said: "The attacks are limited in scope for now." > > Microsoft usually issues security updates on the second Tuesday of > every month and its security team is working towards this date, 11 > April, to produce patches for the bugs. However, it said the patches > would be released earlier if the threat grew significantly. > > Those using the patched versions of IE bundled with Windows 2000, > Windows XP and Windows Server 2003 are vulnerable to these bugs. > People trying out the Beta 2 version of Internet Explorer 7 are safe. > > To avoid falling victim, Microsoft urged users to avoid websites they > did not trust and to refrain from opening attachments on e-mail > messages from unknown senders. > > > > > -- > Andy K3UK > Fredonia, New York. > Skype Me : callto://andyobrien73 > Also available via Echolink > Need a Digital mode QSO? Connect to Telnet://cluster.dynalias.org Other areas of interest: The MixW Reflector : http://groups.yahoo.com/group/themixwgroup/ DigiPol: http://groups.yahoo.com/group/Digipol (band plan policy discussion) Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/digitalradio/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
