Date: Thu, 20 Dec 2001 17:33:13 -0500 (EST) To: motd-system at panix.com
(The following article has been automatically mirrored from MOTD)
(Posted by Ed Ravin [staff]) Thu, Dec 20 2001 -- 5:31 PM --------------------------------------------------------------------------- Multiple Windows Security Problems
All Windows users should read this notice carefully. In the last two days, two major security vulnerabilities with Microsoft Windows products were announced.
Vulnerability #1 means that your computer can be compromised simply by viewing email or accidentally visiting a malicious web site. The vulnerability works by bypassing warnings that you are going to run a .EXE or other executable file.
Vulnerability #2 means that any Windows XP system plugged into the Internet can be fully compromised by anyone in the world. Windows XP was released in late October and is likely to be preinstalled on recently purchased computers.
Panix urges all affected customers to upgrade their machines immediately, as instructed by Microsoft's advisories (see below). We further recommend that customers explore alternatives to MS Outlook and Internet Explorer, as we believe both products will continue to be vulnerable to these kinds of issues.
Here are links with more information and patches:
(1) - Internet Explorer 6.0 and/or Outlook allow execution of
malicious code:
http://www.microsoft.com/technet/security/bulletin/MS01-058.asp
http://www.cert.org/advisories/CA-2001-36.html
(2) - Windows XP (and some ME/98) can be remotely exploited via buggy
UPNP service.
http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
http://dailynews.yahoo.com/h/ap/20011220/tc/microsoft_hackers.html
http://www.eeye.com/html/Research/Advisories/AD20011220.html
--- Public Access Internet & UNIX [panix.com]