from Arie Slob's newsletter
ken
Microsoft Issues New Security Patch, Fights 'Zero-Day' exploits
by Arie Slob
Hello Windows users,
On the 26th September Microsoft issued a patch for a very serious security
issue that affects Internet Explorer 5 & 6.
For details please see Microsoft's security Bulletin MS06-055.
The patch fixes a critical vulnerability in the way Internet Explorer (and some
versions of Outlook) renders VML (Vector
Markup Language) graphics.
According to Verisign's iDefense Rapid Response Team there are already over
3,000 Web sites infecting users with malware
that exploited the VML bug. By persuading a user to access a specially crafted
HTML document, a remote, unauthenticated
attacker may be able to execute arbitrary code with the privileges of the user
or cause a denial of service condition in
Internet Explorer.
On the 5th October Microsoft updated the MS06-055 security bulletin to include
Microsoft Windows 2000 Service Pack 4 as
being affected.
Microsoft is also currently investigating another vulnerability for which
exploit code already exists. This time the
vulnerability is in Windows Shell that - when exploited - could allow remote
code execution. Microsoft have issued a
Security Advisory 926043 in which they state that they are currently working on
a security patch which is scheduled to
be released October 10th as part of the 'normal' monthly patch cycle.
But that's not all... Microsoft is also investigating public reports of limited
'zero-day' attacks using a vulnerability
in Microsoft PowerPoint 2000/2002/2003, as well as Microsoft PowerPoint 2004
and v. X for Mac.
A 'zero-day' attack is an exploit that is being released before or on the same
day that the vulnerability becomes public
knowledge.
You can read more about PowerPoint vulnerability in Microsoft Security Advisory
925984.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.407 / Virus Database: 268.13.0/465 - Release Date: 06/10/2006
--
----------------------------------------
WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about anything: [EMAIL PROTECTED]
Official Win-Home List Members Profiles Page
http://www.besteffort.com/winhome/Profiles.html
