The top alert that I think you need to know about this week isn’t from
Microsoft, it’s from RealNetworks. Versions of the company’s RealOne Player,
RealOne Enterprise Desktop, and RealOne Desktop Manager, if unpatched,
allow a malicious person to run code on a user’s PC if the user plays
an audio SMIL file.
With computer professionals still reeling from last week’s worm and virus
attacks, Microsoft just yesterday released warnings that there are “critical”
flaws in Internet Explorer 5 and 6 and “important” flaws in every recent
version of Windows.
I reported in my June 5 issue
that Microsoft’s Windows Update program can say that a PC requires no
updates when the machine, in fact, is in need of several. Reader
Jeremy Rosenblatt found that the system clock not being accurate can
trigger this behavior. Erroneous times are common when initially setting
up a PC.
My top story, above, concerns the dangerous new security hole that
allows an attacker to gain control of remote systems sending them packets on
common communications ports. In this section, I provide additional
Recent discoveries of security holes in Windows, one of them rated “critical,”
motivated Microsoft to release three new security bulletins on July 9.
Microsoft announced on June 8 that installing Windows Server 2003, either
the standard or the enterprise edition, can have the effect of
disabling printer drivers that work fine under Windows 95, 98, and Me.
I wrote in the
May 8 issue of Brian’s Buzz that Windows XP with Service Pack 1
suffers heavy performance problems after you install a patch Microsoft released
on April 16. (This patch is known as MS03-013.)
One of the worst IT nightmares is the perfect backup tape or disk
that tested fine when it was made, but won’t restore properly – or at all –
when its information is really needed.
The big news in Microsoft tech bulletins this month was the
XP, Internet Explorer, and Outlook Express patches that make up my
top story at the beginning of this issue. But there are plenty of other
alerts to deal with in the section below.
A newfound hole in Windows allows an unauthorized person
who logs on to a user or guest account to run code that can
elevate him or her to administrator. This wouldn’t concern
machines that are stored in locked rooms, but does make PCs that
various people have access to throughout the day vulnerable. The problem
(and the related patch) affects all versions of Windows XP, 2000,
and NT 4.0.