Fwd: Multiple Windows Security Problems

Doug Henwood dhenwood at panix.com
Fri Dec 21 08:06:10 PST 2001


[as a public service, we offer you Panix' MOTD]

Date: Thu, 20 Dec 2001 17:33:13 -0500 (EST) To: motd-system at panix.com

(The following article has been automatically mirrored from MOTD)

(Posted by Ed Ravin [staff]) Thu, Dec 20 2001 -- 5:31 PM --------------------------------------------------------------------------- Multiple Windows Security Problems

All Windows users should read this notice carefully. In the last two days, two major security vulnerabilities with Microsoft Windows products were announced.

Vulnerability #1 means that your computer can be compromised simply by viewing email or accidentally visiting a malicious web site. The vulnerability works by bypassing warnings that you are going to run a .EXE or other executable file.

Vulnerability #2 means that any Windows XP system plugged into the Internet can be fully compromised by anyone in the world. Windows XP was released in late October and is likely to be preinstalled on recently purchased computers.

Panix urges all affected customers to upgrade their machines immediately, as instructed by Microsoft's advisories (see below). We further recommend that customers explore alternatives to MS Outlook and Internet Explorer, as we believe both products will continue to be vulnerable to these kinds of issues.

Here are links with more information and patches:

(1) - Internet Explorer 6.0 and/or Outlook allow execution of

malicious code:

http://www.microsoft.com/technet/security/bulletin/MS01-058.asp

http://www.cert.org/advisories/CA-2001-36.html

(2) - Windows XP (and some ME/98) can be remotely exploited via buggy

UPNP service.

http://www.microsoft.com/technet/security/bulletin/MS01-059.asp

http://dailynews.yahoo.com/h/ap/20011220/tc/microsoft_hackers.html

http://www.eeye.com/html/Research/Advisories/AD20011220.html

--- Public Access Internet & UNIX [panix.com]



More information about the lbo-talk mailing list