It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Microsoft Releases Security Update Microsoft Releases Security Update
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


Microsoft Releases Security Update
Reply
 
Thread Tools
Old 3rd July 2004, 16:13   #1
[M] Reviewer
 
Sidney's Avatar
 
Join Date: Mar 2004
Posts: 15,739
Sidney Freshly Registered
Default Microsoft Releases Security Update

July 2, 2004 05:45 PM EDT


NEW YORK - Microsoft Corp. issued an interim security update Friday to protect users of its nearly ubiquitous Internet Explorer browsers from a new technique for spreading viruses.

The update does not entirely fix the flaw that makes the spread possible, but it changes settings in Windows operating systems to disable hackers' ability to deliver malicious code with it.

The security measure came in response to last week's discovery of a computer virus designed to steal valuable information like passwords. Though its outbreak was mild, security experts said the technique for spreading it was novel and could be used to send spam or launch broad attacks to cripple the Internet.

Hackers had converted hundreds and possibly thousands of Web sites into virus transmitters by first hiding malicious code using a vulnerability with Microsoft's software for operating Web sites. A fix for it had been issued in April but was not universally applied.

Two other flaws in Microsoft products allowed hackers to direct Internet Explorer browsers to automatically run the virus when visiting an infected site.

Though one of those flaws remains unfixed, Friday's setting changes thwart any attack by prohibiting a Web application from writing files - such as the virus code - onto users' computers.

The U.S. Computer Emergency Readiness Team urged computer users to install the update, saying it would greatly increase protection. But the advisory warned other types of attack remain possible.

Stephen Toulouse, a security program manager at Microsoft, said the company still was working on a comprehensive patch to fix vulnerabilities with Internet Explorer, but the settings change should protect users from the immediate threat.

The software update covers Windows XP, Windows Server 2003 and Windows 2000, and Microsoft was working on ones for older systems.

The update will also be included with a major Windows XP upgrade, called Service Pack 2, later this summer. Toulouse said the Service Pack will include additional protections.

After installing Friday's update, users should be able to lower their security settings from the "high" one initially recommended as a stopgap, he said.

Russ Cooper, a senior researcher at TruSecure Corp., welcomed Friday's update, but said it should have come sooner than a week.

"It would have taken a couple of hours to put it together as a package, and (the testing) process can take a day or two," Cooper said.

But Toulouse said that given the broad user base for Windows and Internet Explorer, even a problem affecting less than 1 percent of users potentially hurts millions of customers.

He said the settings could potentially affect legitimate applications used internally by Web developers and corporate networks, and special instructions were available to address those cases.

The update will be automatically installed if computers are set to receive it. It is also available at http://windowsupdate.microsoft.com.

http://start.earthlink.net/newsartic...311_lead_story
__________________
lazyman

Opteron 165 (2) @2.85 1.42 vcore AMD Stock HSF + Chill Vent II
Sidney is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch jmke WebNews 0 14th April 2009 18:47
Microsoft Security Bulletin Summary for September 2008 jmke WebNews 0 9th September 2008 19:20
Microsoft Security Bulletin Summary for August 2007 jmke WebNews 0 14th August 2007 22:21
Microsoft Security Bulletin Summary for February 2007 jmke WebNews 0 14th February 2007 00:25
Microsoft Security Bulletin Summary for June 2006 jmke WebNews 0 14th June 2006 20:51
Microsoft to update final Windows 2000 patch Sidney WebNews 0 9th August 2005 00:22
HP and Microsoft Expand Security Solutions Portfolio Sidney WebNews 0 25th May 2004 06:28
AMD AND microsoft to provide customers new security technology jmke WebNews 0 29th February 2004 13:22

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 10:24.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO