Microsoft released three security bulletins this week, two of them rated critical, one rated merely important.
While installing these security patches is advisable, it’s equally important for you to guard yourself against several vulnerabilities that as yet have no patches at
all. XP SP2 and other versions vulnerable to hacking
IE 6 allows a hacked Web site that a user visits to silently take control of the user’s PC, even if Service Pack 2 (SP2) has been installed on Windows XP, according to security firm Secunia. This threat, which emerged in December 2004, is as yet unpatched by Microsoft. What to do:
I recommend that, if you use IE 6, you configure the Internet Zone to High security. (In IE 6, click Tools, Internet Options, Security, Internet, Custom Level, High, OK, OK.) Only add those Web sites that you trust with active scripting to your Trusted Sites zone. Running IE with security on High will disable ActiveX and other techniques that some legitimate sites may use.
Secunia has posted a complete description of the problem and a useful Web-based test. The test allows you to check whether your browser is
affected. More info Almost all browsers at risk of pop-up takeovers
Another threat that emerged in December allows pop-up windows from legitimate Web sites to be taken over by hackers, according to Secunia. If a hacked Web site is visited first, pop-ups opened by a legitimate site visited by a user can be hijacked.
This problem leaves at least the following browsers wide open:
• Internet Expl