Posted on 01/10/2005 12:27:50 PM PST by Born Conservative
Secunia recommends users drop IE and use an alternative browser. "Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible," the security firm said in a statement.
Millions of Internet Explorer 6 users are at risk from three "extremely critical" security holes that give hackers open access to PCs running the browser -- even if Windows XP Service Pack Two has been installed.
The first issue centers on the browser's drag-and-drop capability, which does not validate new files correctly.
This means that, potentially, a document downloaded from a Web page using drag and drop may contain malicious code.
The other problems affect all Windows systems, including those protected by Local Computer zone lockdown, which comes with SP2.
The first allows specially designed (.hhk) files to be used to include malicious code on systems, and the second stems from a zone restriction error that could allow code to be downloaded from Web sites involuntarily.
At least one of the flaws was reported to Microsoft (Nasdaq: MSFT) last year, but no patches have so far been made available.
Security firm Secunia has released an advisory warning that the holes are "extremely critical" and recommends users dump IE and use an alternative browser.
"Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible. Through the joint effort of Michael Evanchik and Paul from Greyhats Security a very critical vulnerability has been developed that can compromise a user's system without the need for user interaction besides visiting the malicious page," Secunia warned in a statement.
Stop the presses ...
In other news, it is reported that the sun rose in the east this morning.
Ya THINK?
yawn...
The entire message sent: "Merry Christmas".
I am still attempting to straighten out that mess.
Hmmm. I think I see your problem
bump
Uh, I see you're here already. DUH!
Sounds more like Yoohoo Messanger than IE.
My kids use AOL Messanger. That thing is one big spyware magnet.
Obligatory bump.
I got a new PC with Windows XP.
It is fighting me as I try to turn off and uninstall Windows Messanger. I do it and when I reboot there it is again.
Bill Gates has created this mess but forcing things upon the consumer.
I use FireFox but it locks up on me. Locked up twice today. I have to kill the process and then re-launch.
You can run MSCONFIG and stop any Windows service from starting up, including MSMessanger. There are numerous web sites which can show you how to run this program and what all the services do.
At this point your options would be to...
1. Disable the Windows Messenger service, or
2. Do an unattended install of Windows XP WINNT.SIF file with the setting "WMAccess = off" in the [Components] section.
The entire message sent: "Merry Christmas".
They probably thought you had the W32.ERKEZ.D virus.
It sends out e-mails with "Merry Christmas" (among other things) in its subject line. They are probably just flagging anything with "Merry Christmas" in the subject line rather than looking at the contents of the e-mail.
I have been getting pummeled by e-mails from Italy with "Buon Natale" in the subject line and return e-mails with it in the body, apparently with my address spoofed in the From: address.
I can cut these off at the mail server, but it's a real pain. I'm getting something like 100MB of these e-mails a day.
You got that right. But try to get them to stop IMing. These kids type faster than my secretary.
Powder..Patch..Ball FIRE!
Where is the M$ bucket brigade to tell us how good Inferior Deplorer is?
He forced you to buy it, did he???
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.