WinInfo Daily UPDATE--A Sweeping Set of Security Fixes--July 14, 2004

WinInfo Daily UPDATE--For July, a Sweeping Set of Security Fixes--July 14, 2004

This Issue Sponsored By

Oracle Database 10g Standard Edition;8737581;9540952;y?

Sponsor: Oracle Database 10g Standard Edition

Get 24/7 availability at an economy price. Oracle Database 10g Standard Edition includes Real Application Clusters for 24/7 availability at the lowest cost. With RAC, every server actively handles user requests, so you save nearly $5,000 per CPU. You also save 50% on hardware. Click for a free Oracle two-day DBA self-study course.;8737581;9540952;y?


In the News

- For July, a Sweeping Set of Security Fixes

==== In the News ====

by Paul Thurrott, [email protected]

For July, a Sweeping Set of Security Fixes

After 2 months in which Microsoft released only a smattering of security fixes, the company on Tuesday issued seven security patches, two of which it identified as critical. However, the software giant still hasn't fixed a set of glaring problems with Microsoft Internet Explorer (IE), its dominant Web browser that has come under increasing attack in recent weeks.

The two critical fixes address problems with Windows components, including the Task Scheduler and HTML Help; both problems affect numerous Windows versions. And in both cases, a successful exploit could lead to remote users running code on infected systems, leading Microsoft to label them as critical vulnerabilities.

A third fix, which patches an important security vulnerability in Windows NT 4.0 Service Pack 6a (SP6a), relates to that system's Microsoft IIS component. A successful exploit of this bug could also let an attacker take over the system, Microsoft said.

Another important patch, which affects Windows Server 2003, Windows XP, Windows 2000 Server, and NT 4.0 fixes a bug that can be exploited only when a malicious user gains a valid logon with Administrator privileges. By using a flaw in the Windows shell, that user could remotely take control of the machine.

All the fixes are available through the usual Microsoft software patch systems, including Windows Update and Automatic Updates. Administrators and others looking for more information about all seven patches should refer to the Microsoft Web site ( ).

In related news, Microsoft on Tuesday released a tool that will remove the Download.Ject virus from infected computers. Earlier this month, the virus, which exploits a still-unpatched hole in IE, caused security researchers to start warning users to avoid Microsoft's bug-ridden browser. The tool is available for free download from the Microsoft Web site ( ).

==== Announcement ====

(from Windows & .NET Magazine and its partners)

New! The Shifting Tactics of Spammers: How to Stop the Newest Email Threats

Stopping new spam techniques requires detection and prevention in real time at the SMTP connection point. In this free Web seminar, you'll learn how spam filters operate as well as real-world examples of spammers new attacks and threats so that you can learn what you must do to protect your organization. Register now!

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New! Extending Microsoft Office with Integrated Fax Messaging

Are you "getting by" using fax machines or relying on a less savvy solution that doesn't offer truly integrated faxing from within user applications? Attend this free Web seminar and learn what questions to ask when selecting an integrated fax solution, discover how an integrated fax solution is more efficient than traditional faxing methods, and learn how to select the fax technology that's right for your organization. Register now!

==== Sponsored Links ====


Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring UPDATE -- [email protected]


Windows & .NET Magazine a division of Penton Media Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media Inc. All Rights Reserved

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.