Re: CRIME FW: 2 Apr NIPC Daily Report

From: Alan (alan@private)
Date: Tue Apr 02 2002 - 11:02:25 PST

  • Next message: George Heuston: "FW: CRIME FW: 2 Apr NIPC Daily Report"

    On Tuesday 02 April 2002 10:05, George Heuston wrote:
    
    > Critical holes in Microsoft Internet Explorer. Microsoft released a
    > patch for a pair of "critical" security holes in its Internet Explorer
    > Web browser.  The browser patch corrects two flaws. The first makes it
    > possible for a malicious hacker to place code on a Web surfer's PC by
    > way of a cookie.  The flaw allows a script embedded in a cookie to be
    > saved outside the secure area on the PC's hard disk. The code can then
    > be triggered the next time the surfer visits the site.   The second flaw
    > allows a malicious programmer to include code on a Web site that
    > automatically executes programs already present on a surfer's PC.
    > Microsoft rated both flaws "critical" and advised PC users running
    > version 5 through 6 of Internet Explorer to promptly download the new
    > patch.  Microsoft continues to investigate a recently publicized hole in
    > the software-debugging component of Windows NT and Windows 2000.
    > Malicious users could take advantage of the flaw in the debug tool to
    > gain elevated privileges on a server running either of the operating
    > systems. They could then access, modify and delete otherwise protected
    > files.  (CNET News.com, 1 Apr)
    
    Before applying this patch, you might want to look at: 
    http://www.theregus.com/content/4/24500.html
    
    Seems there are problems with the patch.  (Like, being next to useless.)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:41 PDT