- IE flaw affects Windows XP, 2000, NT, 98, and Me
The most critical risk Microsoft identified in its notices this month involves the converter that’s used by Internet Explorer and other applications to save files in HTML format. By sending a special e-mail to users or enticing them to visit a malicious Web site, an attacker can run code on the users’ machines. The attacker’s program would enjoy only whatever privileges the user has, but that could be a lot. The problem doesn’t affect Windows Server 2003 in its default configuration, but Microsoft’s patch prevents the issue from arising even if Server 2K3′s configuration is altered. More info
- SMB (Server Message Block) protocol puts XP, 2000, and NT at risk
SMB is a standard Internet protocol that Windows uses on a network to share files, ports, printers, and to communicate using named pipes and mail slots. The latest flaw allows an attacker to cause a buffer overrun, enabling him or her to run code. Fortunately, the attacker couldn’t operate anonymously and would have to have been authenticated by the affected server. But installing the Microsoft patch eliminates this possibility. More info
- Accessibility utility allows insiders to gain Win 2K privileges
The Utility Manager is a Windows 2000 utility that allows users to check the status of Accessibility options and to start and stop them. Persons who can log on to a Windows 2000 system can take advantage of a weakness in the utility to escalate their privileges to tha
NEW: The Data and Internet Security Guide (Vol2)
The Internet can be a dangerous place. We think these security guides, based on stories from the Windows Secrets archives, can help you make it significantly safer.
Get this newly released volume and check out the full collection!
- WS Security Baseline
- Protect your data
- Prevent and remove malware