For All Users For Advanced Users
Microsoft has released a crucial update in order to patch three security holes:
Phishing Bug: A flaw in the way that Internet Explorer displays URLs in the address bar. By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current location.
Download Extension Spoofing Flaw: Allows malicious Web sites to spoof the file extension of downloadable files. Typically, an attacker could embed a CLS (define) ID in a file name to fool users into opening malicious files as "trusted" file types.
Cross Site Scripting Vulnerability: Allows a malicious web site operator to misuse another web site as a means of attacking users.
Due to three security vulnerabilities in RealOne Player, hackers could seize control of users' computers under certain conditions. The specific exploits are:
by a SMIL file or other file.
Real Networks strongly urges users to apply the new security patch. Click here for security patch.
Linux kernel patch 2.6.
New Linux kernel patch 2.6.2rc2 is now available, and is recommended to patch two memory-handling security holes.
Mydoom Clears Path for Doomjuice
A new worm known as "Doomjuice" is expected to attack computers infected by "Mydoom." To date the new virus has infected at least 30,000 computers worldwide. Like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Corp.'s Windows operating systems and is programmed to launch a worldwide attack on the web site of SCO, one of the largest UNIX vendors in the world. Doomjuice does not spread via e-mail, but enters via backdoor left open by Mydoom.
Some viruses will pose as Microsoft software updates. Microsoft does not distribute updates of any kind via mass e-mail, and recipients should delete such e-mails without opening or previewing. Microsoft Windows users should utilize Windows Update. Note Windows XP operating systems will offer secure Microsoft-authorized updates via the following notification:
Microsoft's IIS is a common target for attackers due to information exposure and exploited buffer overflow vulnerabilities. Internet-borne worms such as NIMDA and Code Red thrive in such environments. Such attacks can be prevented with the use of Urlscan in conjunction with IIS Lockdown, which provides templates for the major IIS-dependant Microsoft products. IIS Lockdown Wizard works by turning off unnecessary features thereby reducing attack surface available to attackers. To provide defense in depth, or multiple layers of protection against attackers, URLscan, with customized templates for each supported server role, has been integrated into the IIS Lockdown Wizard.
DNS cache pollution can occur if Domain Name System spoofing has been encountered. This data can be redirected to an unauthorized DNS server which is likely malicious in nature. This will only affect customers running their own DNS server. Currently no patch from Microsoft is available, however possible solutions include making hard registry changes. Click here for detailed instructions to make these changes.
Microsoft Internet Explorer - ExecCommand Access Violation
The ExecCommand method could be used to allow script code to execute on a vulnerable system in the security domain of a website in another browser window. This occurs due to a violation of the browser security zone policy. A patch has been released and can be found by going to Windows Update.