WinInfo Daily UPDATE, December 29, 2004

This email newsletter comes to you free and is supported by the following advertiser, which offers products and services in which you might be interested. Please take a moment to visit this advertiser's Web site and show your support for WinInfo Daily UPDATE.

Free Patch Management White Paper from St. Bernard Software

Sponsor: St. Bernard Software

Successful patch management is a core component of maintaining a secure computing environment. With a growing number of patches being released by Microsoft weekly, IT administrators must be vigilant in assuring that the machines on their networks are accurately patched. Although Microsoft offers tools to assist administrators with the tasks of patching, they are often time-consuming and far from comprehensive. However, there are solutions on the market that can reliably and accurately automate the tasks involved in successful patch management. In this free white paper, learn more about the patch management dilemma and patch management solutions. Download this free white paper now!


In the News

- New Critical Flaws Discovered in Windows

==== In the News ====

by Paul Thurrott

New Critical Flaws Discovered in Windows

Microsoft is investigating three new unpatched Windows flaws that security researchers have described as highly critical. Xfocus, a group of security researchers from China, first reported the flaws on the Bugtraq security mailing lists over the holiday weekend.
The three flaws exist in the LoadImage API, the Windows animated cursor (.ani) file type, and the Windows Help parser. All three flaws are present in all modern Windows versions, including Windows Server 2003, Windows XP, Windows 2000 Server, and Windows NT 4.0. However, XP Service Pack 2 (SP2), which is widely acknowledged as the most secure client version of Windows that Microsoft has yet made, is susceptible to only two of the three flaws.
Like earlier image-format-based vulnerabilities, the LoadImage flaw could be exploited by a malicious Web page or HTML email message that displays a specially made image file, icon, or cursor. Victims could find their machines remotely controlled by malicious hackers. Attackers can use the animated cursor flaw to crash or freeze a victim's machine, security researchers say. This flaw doesn't affect XP SP2. The final flaw, involving the way Windows parses Help files, triggers a buffer overflow error that could help hackers remotely control a PC. However, a victim has to open a malicious Help file via the Internet or email to allow an attacker to exploit the flaw.
Security researchers at Secunia have described the flaws as highly critical and are advising users not to visit untrusted Web sites. For its part, Microsoft says that it's investigating the flaws, but the software giant also voiced its concern that Xfocus publicly revealed the flaws before alerting Microsoft. "Microsoft is disappointed that Xfocus took actions that could put computer users at risk by not following the commonly accepted industry practice of privately reporting security vulnerabilities to software vendors," a Microsoft spokesperson said. The company says that no known exploits for these vulnerabilities currently exist but that it will release fixes for these flaws as soon as possible.

==== Announcement ====

(from Windows IT Pro and its partners)

Are You a Hacker Target?

You are if you have an Internet connection faster than 384Kbps. In this free on-demand Web seminar, Alan Sugano will examine two attacks (an SMTP Auth Attack and a SQL Attack) that let spammers get into the network and relay spam. Find out how to keep the hackers out of your network, and what to do if your mail server is blacklisted as an open relay. Register now!

==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro)

Get Expert Advice on Implementing a Service Management Plan

Our expert panel delivers tips, techniques, and insight to get you closer to a service management plan in this free on-demand Web seminar. Get real-world perspectives on industry trends, examples of how to leverage service management for maximum results, and how to implement a plan for your business. Register now!

==== Sponsored Link ====

Data Protection from NSI and Microsoft

Instant recovery and data protection solutions for Exchange and SQL servers

This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!

Windows IT Pro is a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media Inc. All Rights Reserved.

TAGS: Security