By laying out a linked series of six simple hacker techniques, a
volunteer researcher has shown that a Trojan horse
program can be deposited and run on a PC if a user merely views
a Web page in Internet Explorer 6 – even with all of Microsoft’s
latest service packs and security patches installed.
In keeping with its new policy of trying to release new security patches
only once a month instead of weekly (as I described in a
special report in the Nov.
6 paid version of Brian’s Buzz), Microsoft on Nov. 11
released two Windows patches rated “critical” and one rated “important.”
Microsoft has made what I consider the most significant changes in
its security-bulletin release policy since the beginning of security
bulletins. Instead of sending out Windows patches every week, as has
until recently been the case, the Redmond software giant now plans to
circulate new patches only once a month, on the 2nd Tuesday of each
month. (If a worm is running loose “in the wild,” Microsoft says it will
release a special patch immediately.)
I don’t ordinarily bore you with the details of every bulletin Microsoft
puts out. But in this case, it’s important for you to know about not one,
but four new security patches that Microsoft rated “critical” and
released on Oct. 15.
Microsoft posted an official notice on Sept. 18 anouncing the “Swen”
e-mail worm, also known as W32/Swen@MM. As I described earlier in this
newsletter in the Top Story section, above, this worm is one of a series
that has tricked intelligent Windows users into running an
infected e-mail attachment because the message body looks so much
like genuine, Microsoft-branded information.
This month has been an exceptionally heavy period for serious new Microsoft
warnings of holes and patches to close them, as you can see from the three
examples highlighted in the “other bulletins” section below. But the most
alarming news is that there’s another example of the same kind of hole
that produced the devastating Blaster worm this summer.
The top alert that I think you need to know about this week isn’t from
Microsoft, it’s from RealNetworks. Versions of the company’s RealOne Player,
RealOne Enterprise Desktop, and RealOne Desktop Manager, if unpatched,
allow a malicious person to run code on a user’s PC if the user plays
an audio SMIL file.
With computer professionals still reeling from last week’s worm and virus
attacks, Microsoft just yesterday released warnings that there are “critical”
flaws in Internet Explorer 5 and 6 and “important” flaws in every recent
version of Windows.
I reported in my June 5 issue
that Microsoft’s Windows Update program can say that a PC requires no
updates when the machine, in fact, is in need of several. Reader
Jeremy Rosenblatt found that the system clock not being accurate can
trigger this behavior. Erroneous times are common when initially setting
up a PC.
My top story, above, concerns the dangerous new security hole that
allows an attacker to gain control of remote systems sending them packets on
common communications ports. In this section, I provide additional