Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

CNET: "New Year, old flaws in Windows, Internet Explorer"

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » The DU Lounge Donate to DU
 
Bush_Eats_Beef Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jan-21-05 09:22 PM
Original message
CNET: "New Year, old flaws in Windows, Internet Explorer"
http://reviews.cnet.com/4520-3513_7-5621335-1.html?tag=cnetfd.sd

If you thought upgrading to Windows XP SP2 would end your Windows security nightmares, think again. Last Tuesday, Microsoft released three new security bulletins for 2005, including one critical patch for Windows XP SP2, last year's much-touted security upgrade of the Windows XP operating system. While Windows XP SP2 recompiled most of the basic system files to better protect you from malicious buffer overflows, the flaw in MS05-001 involves ActiveX, Microsoft's clever answer to Sun's Java technology. The two other vulnerabilities announced as part of the January monthly update release don't affect Windows XP SP2.

The other critical flaw patched by Microsoft last Tuesday also involves Internet Explorer--all versions. Should you surf to a page containing a maliciously formed cursor or icon, you may find yourself controlled by a remote cracker. MS05-002 is rated critical, in part, because there are already working exploits out on the Internet. Once an exploit is available, it is often only a matter of time before someone finds a way to create a virus or a worm from it. Trend Micro has an independent security assessment of this vulnerability.

Finally, the third patched flaw concerns the Windows indexing service, which is by default turned off on Windows XP and Windows Server 2003. Because of that, Microsoft has given MS05-003 its second-highest rating of "important."

Mozilla Firefox has been designed to run without ActiveX. But in all fairness, now that people are rushing to install Firefox, more and more flaws have been announced. Still, the flaws discovered in Firefox pale against those that exist in Internet Explorer. For one thing, given that there are exploits for at least one of these new vulnerabilities, we know that criminal hackers are interested in attacking IE. When there's a worm spreading exclusively via Firefox, I'll let you know.

SEE ALSO "Firefox flaw raises phishing fears," http://news.zdnet.com/2100-1009_22-5517149.html
Printer Friendly | Permalink |  | Top

Home » Discuss » The DU Lounge Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC