Posted on 04/15/2003 10:17:31 AM PDT by ShadowAce
A brace of Microsoft security vulns pose risks for both home users and corporates.
The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me.
Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert.
Well if that doesn't get consumers patching, what will?
The more technical version of this alert explains that the vuln arises through a flaw with the ByteCode Verifier component of the Microsoft VM. This makes the component "blind" to the presence of malicious code in Java applets.
Java applets are disabled within the Restricted Sites Zone, which reduces the risk if you're using a hardened version of Microsoft's email clients. That still leaves other infection routes for Windows users. No surprise then that Microsoft describes the flaw as critical.
An alert on the problem, which links to patches, can be found here.
Separately, Microsoft yesterday released patches designed to fix denial of service vulnerabilities involving Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000. Both issues are covered in the same alert.
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in ISA Server 2000 are subject to similar flaws, bot covered in the same alert. The upshot of both vulnerabilities is that internal ne'er do wells can send malformed packets that could cause servers to hang.
Patches, described by Microsoft as important, can be found be following links on the advisory here
|
Donating to the FreeRepublic will keep the bright beacon of Freedom shining so that our Troops and the world will know we stand with them. |
|
 |
Please join us.
FreeRepublic , LLC PO BOX 9771 FRESNO, CA 93794
|
|
It is in the breaking news sidebar! |
|
"Badges? Wee don' need no steenkin' badges!"
(Sadly, patches appear to be indispensible.) <|:(~
Don't kid yourself. Every OS patches itself quite routinely.
Sorry. I'm not, really. Some trolls around here enjoy labeling others as OS fanatics. I was just CMA :)
Yeah, but be careful. I installed the latest patch when it first came out, and my laptop (running XP Pro) has crashed a couple times. This didn't happen before. When it doesn't crash it now acts squirly, sometimes locking up for a couple of minutes at a time.
Time to apply the Ultimate Service Pack, then. :)
So, if you use Mozilla as your browser and mailer, and the Sun Java machine,(as I do) you should be less vulnerable. Still, I'll get the patch eventually.
I've been a not so happy Apple user for a few weeks now. Oh, I'm happy with the computers and the OS. I'm not happy with Al Gore being on Apple's board of directors.
Yeah, I've considered drastic measures more than once with this machine.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.