[Am-info] Microsoft discloses 'critical' security flaws!!

Fred A. Miller fmiller@lightlink.com
Sun, 25 Aug 2002 19:56:45 -0400 

Microsoft discloses 'critical' security flaws!!

All Windows users should make sure they install the Windows
Updates as they are made aware of them.

    Goto Start, Run, Windows Update -> PRODUCT UPDATES -> CRITICAL UPDATE=
S
and download the updates and reboot.  Do this as many times as there are
more to install.  Make sure to also install the CRITICAL UPDATE NOTIFIER
so you will get a popup every time there is a new Windows update to
install.

Fred

http://www.cnn.com/2002/TECH/internet/08/23/microsoft.security.reut/index=
=2Ehtml

Microsoft discloses 'critical' security flaws Office, IE lapses put
millions in danger of being hacked!

SEATTLE, Washington (Reuters) -- Microsoft Corp. said Thursday that
"critical" security lapses in its Office software and Internet Explorer
Web browser put tens of millions of users at risk of having their files
read and altered by online attackers. The world's No. 1 software maker
said that an attacker, using e-mail or a Web page, could use Internet
related parts of Office to run programs, alter data and wipe out the hard
drive as well as view file and clipboard contents on a user's system.
Office is a software product that runs on Windows and is used to write
documents and crunch numbers. "Microsoft is committed to keeping
customers' information safe, and is providing a patch that eliminates
three vulnerabilities in Office Web Components," Microsoft Security
Program Manager Christopher Budd said in an e-mail. In addition, Microsof=
t
reported vulnerabilities in the three latest versions of its dominant
Internet Explorer browser software that allows infiltrators to read files=
=2E
Microsoft urged users to fix the glitches by downloading software patches
from Microsoft's TechNet Web site (http://www.microsoft.com/technet).
"It's important that users get the patch," said Russ Cooper, head of
security at TruSecure Corp., a computer security company, and editor of
NTBugTraq. "Typically with these types of issues it will be six to nine
months until we see a massive attempt to start exploiting it," Cooper
said, adding that a preemptive patch was critical. Since Office is used b=
y
at least 100 million users, the risk of widespread attacks was
significant, Cooper said.

Another security headache The security warnings are the latest headaches
for the Redmond, Washington-based software company. Microsoft, shaken by
break-ins to its system and vulnerabilities in its software, launched a
"trustworthy computing" campaign earlier this year to improve the securit=
y
of all of its software. Since that initiative, which chairman Bill Gates
said had cost the company $100 million so far this year, Microsoft has
issued at least 30 security bulletins for flaws in its software. Last
week, security experts reported serious flaws in the Internet Explorer
browser and a complementary encryption program that could expose credit
card and other sensitive information of Internet users. The Office-relate=
d
programs vulnerable to attacks include Microsoft Office 2000, Office XP,
Money 2002, Money 2003, Project 2002 as well as server software related t=
o
such client software, Microsoft said. Microsoft said it is not aware of
any specific security breaches or the amount of any potential damage that
might have occurred due to vulnerabilities in its software.

--=20
If you listen on a quiet nite you, can hear
the sound of a Windows 2000 Server reboot.