April 11, 2006 1:19 PM PDT

'Critical' megapatch sews up 10 holes in IE

Microsoft on Tuesday released a "critical" Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint.

"This patch release is a big one with lots of aftershocks," said Jonathan Bitle, a product manager at security company Qualys. "Three of the five updates, the IE and Windows updates, are especially critical as they take advantage of inexperienced users...Although a worm epidemic is unlikely, users can be easily enticed to visit malicious Web pages."

Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser. In all instances, an attacker would have to create a malicious Web site and trick people into visiting that site to hook into a PC, Microsoft said in its Security Bulletin MS06-013.

Microsoft rates its browser update "critical" for IE 5 and IE 6, the most-used versions of the popular software. IE is vulnerable on all current versions of the Windows operating system--Windows 2000, Windows XP and Windows Server 2003--as well as on the older Windows 98 and Windows Millennium Edition, the company said.

"An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system," Microsoft said in its alert. "We recommend that customers apply the update immediately." Windows users who have automatic updates enabled for the operating system will have the fixes delivered to them.

Microsoft had been under pressure to rush the IE patch out before Tuesday because miscreants were already exploiting one of the flaws. Third parties had even provided temporary fixes for this "CreateTextRange" bug, which experts said was being used by malicious Web sites to try to drop code such as spyware on vulnerable PCs.

According to Microsoft's bulletin, three of the 10 vulnerabilities fixed by the update had been publicly disclosed. Only the CreateTextRange flaw was being exploited in attacks, the software maker said.

But Symantec has information that three of the flaws were already being exploited in attacks prior to Microsoft's patch release. More attacks are likely to follow, Oliver Friedrichs, a director at Symantec Security Response, said in a statement. "According to the latest Symantec Internet Security Threat Report, the average time between the release of a security patch and the development of an exploit is six days," he said.

Holes in Windows
In a double-whammy for Windows users, all versions of the operating system vulnerable to the IE problems are also affected by two other "critical" flaws, Microsoft said. These holes could also allow an intruder to commandeer a PC. One is related to a specific ActiveX control, a kind of Web program, (MS06-014), and the other deals with a bug in Windows Explorer (MS06-015).

In these cases also, an intruder would have to build a special Web page to take advantage of the security hole. Some of the vulnerabilities in Windows and IE could also be exploited using an HTML e-mail, which essentially is a Web page sent in an e-mail message.

Users of Outlook Express face an additional security risk, in that the e-mail application is flawed in the way it handles Windows Address Book files. Opening a specially crafted WAB file can result in execution of malicious code, giving an attacker control of the Windows PC, Microsoft said in Security Bulletin MS06-016.

The Windows bugs as well as the Outlook Express flaw were reported privately to Microsoft and have not been used in any attacks, the company said.

The last of the five security alerts issued by Microsoft, MS06-017, affects the lowest number of users and is deemed a "moderate" risk. The cross-site scripting flaw in FrontPage Web site building software and SharePoint collaboration software could lead to a system compromise, the company said.

Eolas tweaks
The IE update, in addition to security fixes, makes a change to the way IE handles ActiveX controls. These tweaks are a response to a long-running patent dispute between Microsoft and Eolas Technologies, a start-up backed by the University of California. The changes can affect how certain sites display in the browser.

People who need more time to adjust to the ActiveX changes can download a special patch that will disable them for two months. This "compatibility patch" is specifically designed for businesses that may have homegrown applications that use ActiveX, Microsoft has said.

See more CNET content tagged:
bulletin, vulnerability, flaw, cyberattack, bug

95 comments

Join the conversation!
Add your comment
Automatic Updates
Has anyone seen this "megapatch" come through yet? None of my XP machines (all running SP2 and set to auto-update) have downloaded any update at all today. I guess it's probably available from Windows Update if you're in a real big hurry to get it. Just curious.
Posted by supercoolpcguy (20 comments )
Reply Link Flag
yes - it's in
i didn't notice it until i read the story, but the updates were on my system ready to install since this morning.
Posted by ruykava (41 comments )
Link Flag
Auto Updates Are Staggered
Microsoft staggers the autoupdates to avoid swamping their servers. You will eventually get the autoupdate if you have it turned on, but don't count on the update happening 1 minute after a patch is released.
Posted by Stating (869 comments )
Link Flag
Automatic Updates
Has anyone seen this "megapatch" come through yet? None of my XP machines (all running SP2 and set to auto-update) have downloaded any update at all today. I guess it's probably available from Windows Update if you're in a real big hurry to get it. Just curious.
Posted by supercoolpcguy (20 comments )
Reply Link Flag
yes - it's in
i didn't notice it until i read the story, but the updates were on my system ready to install since this morning.
Posted by ruykava (41 comments )
Link Flag
Auto Updates Are Staggered
Microsoft staggers the autoupdates to avoid swamping their servers. You will eventually get the autoupdate if you have it turned on, but don't count on the update happening 1 minute after a patch is released.
Posted by Stating (869 comments )
Link Flag
Update causes Explorer bug
Security Update MS06-015 installs a new file called 'Verclsid.exe'. Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.

However, Verclsid.exe appears to break some fuctionality in Windows explorer. This program does not run always, but when it is running you are unable to expand folders in the Windows explorer tree view. When you click on the plus sign next to a folder in the tree view; the busy cursor appears, but the folder never expands. However, if you kill the Verclsid.exe application with Task Manager, the folder(s) you've tried to expand will immediately do so the instant Verclsid.exe stops running. And when it is not running, Explorer expands folders normally.
Posted by Computer_Guru_SD (6 comments )
Reply Link Flag
hmm, I'll wait on the update then as we use Firefox
AT least until we find out if that is isolated or widespread
Posted by techguy83 (295 comments )
Link Flag
More possible bugs...
I've done some more testing and when Verclsid.exe is running it causes a lot of bad behavior. It basically can make both Windows Explorer and Internet Explorer a pain to try to use. In Windows Explorer, I've noticed that it makes the 'send to' context menu useless (it won't come up until Verclsid.exe is killed). And in Internet Explorer, it makes the address bar fail... you can type an address into it and hit enter, but nothing happens. The instant you kill Verclsid.exe, however, IE will navigate to the page you entered. I've waited 5 minutes to see if either the Windows Explorer folders expand or IE navigates to the page I've entered, and neither happens until I kill Verclsid.exe
Posted by Computer_Guru_SD (6 comments )
Link Flag
A few things amiss with this Verclsid.exe
Looking at my system, I find a couple of things amiss with this Verclsid.exe problem. This is on a WinXP system, IE v6.0 with default settings and yesterday's updates installed:

1. I find no instance of Verclsid.exe in Task Manager. Not surprisingly, the address box in IE and Windows Exploder both work fine.

2. A Windows Search reveals four of the little rascals somewhere in the Windows folder, all dated 3/16/06. Looking at my Update History on the Windows Update site, I didn't update anything on 3/16. I updated four Windows Updates on 3/04 and the Malicious Software Removal Tool on 3/22.

3. Of the seven updates yesterday, none of them (nor the ones on 3/04) are MS06-015. In fact, going all the way back to last September, all of the updates start with "KB".

Thinking that maybe they changed their numbers when transferred to the History area, I first made an image file of my C Drive with TrueImage, then reinstalled an image file from a month ago, went back to the Windows Update site and all of the present updates start with "KB".

So it seems to me the question is, where did this "MS" update come from? And, since I don't have the Automatic Updates turned on, where did Verclsid.exe come from on 3/16?

And what makes this even more interesting is that I just now went over to Google and a search for "Verclsid.exe", then just "Verclsid", turned up exactly zero hits. This, all by itself, is extremely unusual. If this thing has been around since (at least) 3/16, surely someone would have written about it by now, and especially if it created problems.

Mystery of mysteries!
Posted by Joe Bolt (62 comments )
Link Flag
Re:Update causes Explorer bug
For some reason windows explorer kept malfunctioning on my computer after I installed the Security Update MS06-015 and the window that says "windows explorer encountered an error" would usually appear, but after I removed the update it appears to be much more stable and I have not encounted that error since. I'll refuse to install that update until microsoft addresses MS06-015 security patch stability issues.
Posted by dml316f5 (2 comments )
Link Flag
verclsid.exe is a big problem. Thanks, Bill!
A friend asked me to look at his XP laptop because it was running slow and Windows Explorer quit working. As the previous comment describes, it opens and then just hangs. I found over 20 copies of verclsid.exe running, eating up memory and CPU. When I killed them all, Windows Explorer started working again. I am glad I have not yet applied the April XP updates and will not until this is fixed. We love you too, Bill!
Posted by 2nerdy2live (2 comments )
Link Flag
Update causes Explorer bug
Security Update MS06-015 installs a new file called 'Verclsid.exe'. Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.

However, Verclsid.exe appears to break some fuctionality in Windows explorer. This program does not run always, but when it is running you are unable to expand folders in the Windows explorer tree view. When you click on the plus sign next to a folder in the tree view; the busy cursor appears, but the folder never expands. However, if you kill the Verclsid.exe application with Task Manager, the folder(s) you've tried to expand will immediately do so the instant Verclsid.exe stops running. And when it is not running, Explorer expands folders normally.
Posted by Computer_Guru_SD (6 comments )
Reply Link Flag
hmm, I'll wait on the update then as we use Firefox
AT least until we find out if that is isolated or widespread
Posted by techguy83 (295 comments )
Link Flag
More possible bugs...
I've done some more testing and when Verclsid.exe is running it causes a lot of bad behavior. It basically can make both Windows Explorer and Internet Explorer a pain to try to use. In Windows Explorer, I've noticed that it makes the 'send to' context menu useless (it won't come up until Verclsid.exe is killed). And in Internet Explorer, it makes the address bar fail... you can type an address into it and hit enter, but nothing happens. The instant you kill Verclsid.exe, however, IE will navigate to the page you entered. I've waited 5 minutes to see if either the Windows Explorer folders expand or IE navigates to the page I've entered, and neither happens until I kill Verclsid.exe
Posted by Computer_Guru_SD (6 comments )
Link Flag
A few things amiss with this Verclsid.exe
Looking at my system, I find a couple of things amiss with this Verclsid.exe problem. This is on a WinXP system, IE v6.0 with default settings and yesterday's updates installed:

1. I find no instance of Verclsid.exe in Task Manager. Not surprisingly, the address box in IE and Windows Exploder both work fine.

2. A Windows Search reveals four of the little rascals somewhere in the Windows folder, all dated 3/16/06. Looking at my Update History on the Windows Update site, I didn't update anything on 3/16. I updated four Windows Updates on 3/04 and the Malicious Software Removal Tool on 3/22.

3. Of the seven updates yesterday, none of them (nor the ones on 3/04) are MS06-015. In fact, going all the way back to last September, all of the updates start with "KB".

Thinking that maybe they changed their numbers when transferred to the History area, I first made an image file of my C Drive with TrueImage, then reinstalled an image file from a month ago, went back to the Windows Update site and all of the present updates start with "KB".

So it seems to me the question is, where did this "MS" update come from? And, since I don't have the Automatic Updates turned on, where did Verclsid.exe come from on 3/16?

And what makes this even more interesting is that I just now went over to Google and a search for "Verclsid.exe", then just "Verclsid", turned up exactly zero hits. This, all by itself, is extremely unusual. If this thing has been around since (at least) 3/16, surely someone would have written about it by now, and especially if it created problems.

Mystery of mysteries!
Posted by Joe Bolt (62 comments )
Link Flag
Re:Update causes Explorer bug
For some reason windows explorer kept malfunctioning on my computer after I installed the Security Update MS06-015 and the window that says "windows explorer encountered an error" would usually appear, but after I removed the update it appears to be much more stable and I have not encounted that error since. I'll refuse to install that update until microsoft addresses MS06-015 security patch stability issues.
Posted by dml316f5 (2 comments )
Link Flag
verclsid.exe is a big problem. Thanks, Bill!
A friend asked me to look at his XP laptop because it was running slow and Windows Explorer quit working. As the previous comment describes, it opens and then just hangs. I found over 20 copies of verclsid.exe running, eating up memory and CPU. When I killed them all, Windows Explorer started working again. I am glad I have not yet applied the April XP updates and will not until this is fixed. We love you too, Bill!
Posted by 2nerdy2live (2 comments )
Link Flag
Error in story
The story states "One is related to a specific ActiveX control, a kind of Web program, (MS06-014)".

Incorrect. MS06-014 relates to a MDAC flaw. MS06-013 deals with ActiveX controls among other items.
Posted by mawelsh (4 comments )
Reply Link Flag
Error in story
The story states "One is related to a specific ActiveX control, a kind of Web program, (MS06-014)".

Incorrect. MS06-014 relates to a MDAC flaw. MS06-013 deals with ActiveX controls among other items.
Posted by mawelsh (4 comments )
Reply Link Flag
How long are we going to put up with this s**&
How long are we supposed to buy the line about Microsoft crap
being vulnerable merely because of its super market share. As if
quality systems and application design and architecture mean
nothing.

Come on, in this country of lawyers can't someone put together a
class action product liability suit to convince these guys to stop
putting out crap. Really, Bill said that "Security is MS's top priority"
years ago. OK, we're still waiting.
Posted by philpacker (50 comments )
Reply Link Flag
Kinda hard to defend yourself...
...when most of the 'market' is gunning for you.

Wait, change that. Is, has, and will probably be after you for some time.
-----------

It's like blaming a company for a bulletproof vest that doesn't stop all bullets. Even if it's effective enough at the moment, very soon after said protection will be virtually gone.
Posted by Tomcat Adam (272 comments )
Link Flag
FunnRe: all u armchair OS designers
You know it's funny how you people sit here an complain yet you have no idea how hard it is to actually build an operating system.. let alone test every single peice of code that goes into it..
Don't like Microsoft.. switch to MAC or Linux.. hey but if you actually track the bug patches that are released for the various forms of Linux you'd see a suprising amount of updates.. again not always as severe as MS's but then again most of the bugs patched here need to be exploited by sending someone to a webpage.. or receiving an HTMl email..
Simple fix.. use firefox or some other kind of browser.. and a different mail client..
so unless you can write a better OS.. ****
Posted by R3DL1N3 (6 comments )
Link Flag
Easy answer, Phil
Phil Packer asks:

"How long are we going to put up with this s**&"

Easy one, Phil.

How about, "When people stop being evil"? No evil hackers, no Windows security problems. A simple question, a simple answer.

Unfortunately, Phil, being a prime example of what's wrong with America today, then goes on to recommend a class action suit against Microsoft. If you don't like 'em, sue 'em!

Okay, Phil, let's say you get your wish. A major nationwide class action suit is filed against Microsoft by ten of thousands of people asking for untold billions of dollars and Microsoft is forced to close its Windows division. Obviously, they can't anticipate all of the clever, ingenious things the hackers are going to come up with over the next number of years, so they're left with no alternative but to quit selling Windows.

Ten years pass.

And there you are in the computer store, looking to buy some new software. There's the little section for the ABC Operating System. There's the little section for the XYZ Operating System. There's the little section for the Gloogleblaken Operating System.

Finally you find the little section of software for the Flapperjack Operating System that you're using.

Is this really the way you want it?

Back in the late 80's, I was fortunate enough to own an Amiga computer. A fabulous machine that could do things that no Mac, Wintel or Linux machine can do to this day.

The only problem?

I'd walk into Fry's Electronics, and here would be this tiny little section of Amiga software. Next to it, there would be aisles and aisles and aisles of Windows software.

The small choice of software I had really sucked.

Maybe it's just me, but I'd just as soon not go through that again. It's part of the American ethos to knock the Big Guy and support the underdog, but sometimes that attitude is just flat-out stupid.
Posted by Joe Bolt (62 comments )
Link Flag
How long are we going to put up with this s**&
How long are we supposed to buy the line about Microsoft crap
being vulnerable merely because of its super market share. As if
quality systems and application design and architecture mean
nothing.

Come on, in this country of lawyers can't someone put together a
class action product liability suit to convince these guys to stop
putting out crap. Really, Bill said that "Security is MS's top priority"
years ago. OK, we're still waiting.
Posted by philpacker (50 comments )
Reply Link Flag
Kinda hard to defend yourself...
...when most of the 'market' is gunning for you.

Wait, change that. Is, has, and will probably be after you for some time.
-----------

It's like blaming a company for a bulletproof vest that doesn't stop all bullets. Even if it's effective enough at the moment, very soon after said protection will be virtually gone.
Posted by Tomcat Adam (272 comments )
Link Flag
FunnRe: all u armchair OS designers
You know it's funny how you people sit here an complain yet you have no idea how hard it is to actually build an operating system.. let alone test every single peice of code that goes into it..
Don't like Microsoft.. switch to MAC or Linux.. hey but if you actually track the bug patches that are released for the various forms of Linux you'd see a suprising amount of updates.. again not always as severe as MS's but then again most of the bugs patched here need to be exploited by sending someone to a webpage.. or receiving an HTMl email..
Simple fix.. use firefox or some other kind of browser.. and a different mail client..
so unless you can write a better OS.. ****
Posted by R3DL1N3 (6 comments )
Link Flag
Easy answer, Phil
Phil Packer asks:

"How long are we going to put up with this s**&"

Easy one, Phil.

How about, "When people stop being evil"? No evil hackers, no Windows security problems. A simple question, a simple answer.

Unfortunately, Phil, being a prime example of what's wrong with America today, then goes on to recommend a class action suit against Microsoft. If you don't like 'em, sue 'em!

Okay, Phil, let's say you get your wish. A major nationwide class action suit is filed against Microsoft by ten of thousands of people asking for untold billions of dollars and Microsoft is forced to close its Windows division. Obviously, they can't anticipate all of the clever, ingenious things the hackers are going to come up with over the next number of years, so they're left with no alternative but to quit selling Windows.

Ten years pass.

And there you are in the computer store, looking to buy some new software. There's the little section for the ABC Operating System. There's the little section for the XYZ Operating System. There's the little section for the Gloogleblaken Operating System.

Finally you find the little section of software for the Flapperjack Operating System that you're using.

Is this really the way you want it?

Back in the late 80's, I was fortunate enough to own an Amiga computer. A fabulous machine that could do things that no Mac, Wintel or Linux machine can do to this day.

The only problem?

I'd walk into Fry's Electronics, and here would be this tiny little section of Amiga software. Next to it, there would be aisles and aisles and aisles of Windows software.

The small choice of software I had really sucked.

Maybe it's just me, but I'd just as soon not go through that again. It's part of the American ethos to knock the Big Guy and support the underdog, but sometimes that attitude is just flat-out stupid.
Posted by Joe Bolt (62 comments )
Link Flag
ActiveX fix not release yet...
The ActiveX fix was not in the last bundle. I still have to manually install the ActiveX fix to test my applications.

However, I find it very funny how the biggest thing affected is Macromedia Flash and Shockwave; considering MS is suppose to release a similar product this year.

Also, this fix is very easily bypassed via a code change, so I am not sure what MS is protecting us from. More likely they just want to frustrate everyone that goes to Flash webpages. Kinda of stupid to release a "security patch" that can be by passed by adding 5-10 extra lines of code on a page.
Posted by umbrae (1073 comments )
Reply Link Flag
ActiveX fix not release yet...
The ActiveX fix was not in the last bundle. I still have to manually install the ActiveX fix to test my applications.

However, I find it very funny how the biggest thing affected is Macromedia Flash and Shockwave; considering MS is suppose to release a similar product this year.

Also, this fix is very easily bypassed via a code change, so I am not sure what MS is protecting us from. More likely they just want to frustrate everyone that goes to Flash webpages. Kinda of stupid to release a "security patch" that can be by passed by adding 5-10 extra lines of code on a page.
Posted by umbrae (1073 comments )
Reply Link Flag
Who Cares
Are you seriously telling me that there are still people out there who aren't using Firefox???

damn... if you're still using IE, you need more then to download a patch to fix your problems.
Posted by pkrzycki (3 comments )
Reply Link Flag
Unfortunately...
yeah, still like 85% use IE.

Of course, if you are still using Windows then you still need the patch for those applications that ignore your default browser settings and lanuch IE anyway, or use the MS HTML object directly.
Posted by umbrae (1073 comments )
Link Flag
The real you
John Jingleheimerschmidt asks:

"Are you seriously telling me that there are still people out there who aren't using Firefox???"

I webmaster a fairly popular site for a local radio station, and, according to the stats, a whopping 7.3% are using Firefox. So, when you say "Who Cares", what you're really saying is that you don't care about 90% of the population.

So, the question is, is that the kind of person you really want to be? And, if so, would you prefer the term "smug" or "cultist" to describe yourself?

How about both? :)
Posted by Joe Bolt (62 comments )
Link Flag
ApplWix^
I'm bying Im$c
Posted by paulsecic (298 comments )
Link Flag
I agree!!
Who would be stupid enough to still use Internet Explorer?
Posted by peter012 (4 comments )
Link Flag
Who Cares
Are you seriously telling me that there are still people out there who aren't using Firefox???

damn... if you're still using IE, you need more then to download a patch to fix your problems.
Posted by pkrzycki (3 comments )
Reply Link Flag
Unfortunately...
yeah, still like 85% use IE.

Of course, if you are still using Windows then you still need the patch for those applications that ignore your default browser settings and lanuch IE anyway, or use the MS HTML object directly.
Posted by umbrae (1073 comments )
Link Flag
The real you
John Jingleheimerschmidt asks:

"Are you seriously telling me that there are still people out there who aren't using Firefox???"

I webmaster a fairly popular site for a local radio station, and, according to the stats, a whopping 7.3% are using Firefox. So, when you say "Who Cares", what you're really saying is that you don't care about 90% of the population.

So, the question is, is that the kind of person you really want to be? And, if so, would you prefer the term "smug" or "cultist" to describe yourself?

How about both? :)
Posted by Joe Bolt (62 comments )
Link Flag
ApplWix^
I'm bying Im$c
Posted by paulsecic (298 comments )
Link Flag
I agree!!
Who would be stupid enough to still use Internet Explorer?
Posted by peter012 (4 comments )
Link Flag
Will this rid me of WinFixer????
That little bastard spyware program has thoroughly irritated me for a month now. I used Spyware Doctor, hijackthis, adaware, pestpatrol, windows defender, norton a/v, ran IE7 in noAddon mode and still kept getting winfixer popups.
Posted by jamie.p.walsh (288 comments )
Reply Link Flag
Probably not...
I don't know how "computer adept" you are, and thus I don't know if you have tried starting your computer up in safe mode and running Microsoft Defender which should remove it. I know from expierience that even if it looks like IE is closed sometimes it is actually started up in the background by these malicious programs to keep Microsoft defender and the like from removing them. So If you havn't yet, I would suggest restarting your computer in safe mode and running you're anti-spyeware/adware program then. Hope this helps.
Posted by TheTechKid (66 comments )
Link Flag
Bye Bye WinFixer!
I added "http://www.winfixer.com" to the list of restricted sites and that completely eliminated those WinFixer popups for me.

IE - Internet Options - Security - Restricted sites - Sites...

If something is running in your Start Up, Scotty the Dog will take the bite out of it! Get WinPatrol at <a class="jive-link-external" href="http://www.winpatrol.com/" target="_newWindow">http://www.winpatrol.com/</a>
Posted by Xooz (2 comments )
Link Flag
Will this rid me of WinFixer????
That little bastard spyware program has thoroughly irritated me for a month now. I used Spyware Doctor, hijackthis, adaware, pestpatrol, windows defender, norton a/v, ran IE7 in noAddon mode and still kept getting winfixer popups.
Posted by jamie.p.walsh (288 comments )
Reply Link Flag
Probably not...
I don't know how "computer adept" you are, and thus I don't know if you have tried starting your computer up in safe mode and running Microsoft Defender which should remove it. I know from expierience that even if it looks like IE is closed sometimes it is actually started up in the background by these malicious programs to keep Microsoft defender and the like from removing them. So If you havn't yet, I would suggest restarting your computer in safe mode and running you're anti-spyeware/adware program then. Hope this helps.
Posted by TheTechKid (66 comments )
Link Flag
Bye Bye WinFixer!
I added "http://www.winfixer.com" to the list of restricted sites and that completely eliminated those WinFixer popups for me.

IE - Internet Options - Security - Restricted sites - Sites...

If something is running in your Start Up, Scotty the Dog will take the bite out of it! Get WinPatrol at <a class="jive-link-external" href="http://www.winpatrol.com/" target="_newWindow">http://www.winpatrol.com/</a>
Posted by Xooz (2 comments )
Link Flag
DCOM Crashed During Patch Update
As I was doing the patch updates last night I got an error message saying that DCOM had crashed and the computer needed to be rebooted. It proceeded to do an autoshutdown in 30 seconds -- right in the middle of the updates being installed! There was no way I could kill the shutdown, and the computer rebooted halfway through the patches being applied. I don't know if the update process killed DCOM, or if it was just a coincidence. I restored my system from an image backup, and am going to defer applying the patches until I see more feedback from users about problems with the patches.

This is just all so much nonsense, this monthly Windows patch circus. I would recommend to anyone who doesn't already have a computer that they buy a Mac and don't ever go near a Microsoft product. There is no way my 77 year old father could ever begin to deal with all this MS crap on his own.
Posted by Stating (869 comments )
Reply Link Flag
DCOM Crashed During Patch Update
As I was doing the patch updates last night I got an error message saying that DCOM had crashed and the computer needed to be rebooted. It proceeded to do an autoshutdown in 30 seconds -- right in the middle of the updates being installed! There was no way I could kill the shutdown, and the computer rebooted halfway through the patches being applied. I don't know if the update process killed DCOM, or if it was just a coincidence. I restored my system from an image backup, and am going to defer applying the patches until I see more feedback from users about problems with the patches.

This is just all so much nonsense, this monthly Windows patch circus. I would recommend to anyone who doesn't already have a computer that they buy a Mac and don't ever go near a Microsoft product. There is no way my 77 year old father could ever begin to deal with all this MS crap on his own.
Posted by Stating (869 comments )
Reply Link Flag
Insecure Exploder
I don't know why people don't start using Firefox. At least give it a try. Everyone I've talked to loves it. I've recommended a few friends to it and they love it. I know since FF is gaining users and popularity, it's likely more security problems might happen with FF. IE's patches are almost hourly it seems like.

At this point, if you don't have FF, you need to not only download FF, download Spybot Search and Destroy, Ad-Aware. It's hard to keep up with all the IE updates.

Friends don't let friends use Internet Explorer

(also known as Insecure Exploder
Posted by pentium4forever (192 comments )
Reply Link Flag
Tried it, didn't like it
I tried it about a year ago when all this fuss about "If you used Firefox, you wouldn't be vulnerable" was being spouted.

At the time, the "out of the box" version of Firefox was severely lacking in the features I'm looking for. Yes, I know it's possible to add things onto it... but I'm lazy. I use Avant browser (an IE shell) because it has all the features I want (and then some) built right into it.

If the day should ever come when Firefox doesn't need add-ons in order to be "feature packed," I may try it again.
Posted by Jim Harmon (329 comments )
Link Flag
IE is not as bad you make it sound
Couple of months ago I downloaded firefox and thought it was more secure. Next day I saw that they released a patch to plug a hole for an exploit. That made me realise no software is safe.

I use IE everyday. I have not had any issues so far. I use it to visit some very well known sites all the time.
Posted by Tanjore (322 comments )
Link Flag
Firefox is overrated
It is unstable and resource hungry. When I used it it crashed on me at least once a week, and always at the worst time. I have used Opera since last year and I love it.

(I don't dislike IE, I just love tabs. When IE 7 is finished I will might use that instead.)
Posted by Andrew J Glina (1673 comments )
Link Flag
Insecure Exploder
I don't know why people don't start using Firefox. At least give it a try. Everyone I've talked to loves it. I've recommended a few friends to it and they love it. I know since FF is gaining users and popularity, it's likely more security problems might happen with FF. IE's patches are almost hourly it seems like.

At this point, if you don't have FF, you need to not only download FF, download Spybot Search and Destroy, Ad-Aware. It's hard to keep up with all the IE updates.

Friends don't let friends use Internet Explorer

(also known as Insecure Exploder
Posted by pentium4forever (192 comments )
Reply Link Flag
Tried it, didn't like it
I tried it about a year ago when all this fuss about "If you used Firefox, you wouldn't be vulnerable" was being spouted.

At the time, the "out of the box" version of Firefox was severely lacking in the features I'm looking for. Yes, I know it's possible to add things onto it... but I'm lazy. I use Avant browser (an IE shell) because it has all the features I want (and then some) built right into it.

If the day should ever come when Firefox doesn't need add-ons in order to be "feature packed," I may try it again.
Posted by Jim Harmon (329 comments )
Link Flag
IE is not as bad you make it sound
Couple of months ago I downloaded firefox and thought it was more secure. Next day I saw that they released a patch to plug a hole for an exploit. That made me realise no software is safe.

I use IE everyday. I have not had any issues so far. I use it to visit some very well known sites all the time.
Posted by Tanjore (322 comments )
Link Flag
Firefox is overrated
It is unstable and resource hungry. When I used it it crashed on me at least once a week, and always at the worst time. I have used Opera since last year and I love it.

(I don't dislike IE, I just love tabs. When IE 7 is finished I will might use that instead.)
Posted by Andrew J Glina (1673 comments )
Link Flag
What I like about Firefox 1.5...
As a recent convert, some things that I like about Firefox (1.5) are faster page loading times, an instant acting back arrow, shrink-to-fit printing, live bookmarks, tabbed windows,...

It works with all of the sites that I visit, and has been stable and crash-free.
Posted by john55440 (1020 comments )
Reply Link Flag
What I like about Firefox 1.5...
As a recent convert, some things that I like about Firefox (1.5) are faster page loading times, an instant acting back arrow, shrink-to-fit printing, live bookmarks, tabbed windows,...

It works with all of the sites that I visit, and has been stable and crash-free.
Posted by john55440 (1020 comments )
Reply Link Flag
How long between MS Bulletin notification and the real vul report
Whenever Microsoft publishs a security bulletin notification and patch, we know some bugs and defects are discovered and we have to do something to patch our windows. But I want to know "how long between MS notification and the real vul report"? ie. typically, what's the internal time slot between they know the vulnerability's existing and they roll out a patch or workaround, and finally notify our end users?

<a class="jive-link-external" href="http://hi2005.wordpress.com" target="_newWindow">http://hi2005.wordpress.com</a>
Posted by zhaol (7 comments )
Reply Link Flag
How long between MS Bulletin notification and the real vul report
Whenever Microsoft publishs a security bulletin notification and patch, we know some bugs and defects are discovered and we have to do something to patch our windows. But I want to know "how long between MS notification and the real vul report"? ie. typically, what's the internal time slot between they know the vulnerability's existing and they roll out a patch or workaround, and finally notify our end users?

<a class="jive-link-external" href="http://hi2005.wordpress.com" target="_newWindow">http://hi2005.wordpress.com</a>
Posted by zhaol (7 comments )
Reply Link Flag
MS06-015 / KB908531 is causing my Win XP Pro SP2 OS to COMPLETELY FREEZE
MS06-015 / KB908531 is causing my Win XP Pro SP2 OS to COMPLETELY FREEZE intermittently. I am able to "SEE" this fact because I have GoBack 4 from Norton/Symantec installed on my system. I am forced to reboot my system when it freezes. I can then, after the reboot, start the Advanced Restore feature of GoBack 4 to see what the last file activity was on my OS just prior to the system's freezing (i.e., the file activity right before my latest system restart due to the reboot). When I check this file activity, right before the freeze itself occurred, I see VERCLSID.EXE was executing immediately prior to the system freeze! Prior to this Microsoft update, my system was completely stable; I could run it for days with no issues. Now, however, it freezes randomly, and it appears that VERCLSID.EXE is the culprit. Moreover, the freezes can occur right after my OS' sstars screensaveer is activated, when I try to use ACT!, or any number of other "random" activities I might be doing. Therefore, Microsoft's exceedintly limited list of "known" conflicting third-party applications is B.S.; there are myriads of conflicts, it appears to me. So, besides fixing this Microsoft pushed OS-breaking piece of sh't on the masses who use Windows XP, I suggest that Microsoft REPLACE its entire QA team for these OS updates. This is beyond unacceptable! Microsoft is making its OS crap rather than improving it for us all. Hmmm! I wonder... Could it be that Microsoft would like to break everyone's Windows XP OS's just in time to tell us about how great it would be for us to all migrate to Windows Vista? Now that's a thought!!!
Posted by thuck (2 comments )
Reply Link Flag
MS06-015 / KB908531 is causing my Win XP Pro SP2 OS to COMPLETELY FREEZE
MS06-015 / KB908531 is causing my Win XP Pro SP2 OS to COMPLETELY FREEZE intermittently. I am able to "SEE" this fact because I have GoBack 4 from Norton/Symantec installed on my system. I am forced to reboot my system when it freezes. I can then, after the reboot, start the Advanced Restore feature of GoBack 4 to see what the last file activity was on my OS just prior to the system's freezing (i.e., the file activity right before my latest system restart due to the reboot). When I check this file activity, right before the freeze itself occurred, I see VERCLSID.EXE was executing immediately prior to the system freeze! Prior to this Microsoft update, my system was completely stable; I could run it for days with no issues. Now, however, it freezes randomly, and it appears that VERCLSID.EXE is the culprit. Moreover, the freezes can occur right after my OS' sstars screensaveer is activated, when I try to use ACT!, or any number of other "random" activities I might be doing. Therefore, Microsoft's exceedintly limited list of "known" conflicting third-party applications is B.S.; there are myriads of conflicts, it appears to me. So, besides fixing this Microsoft pushed OS-breaking piece of sh't on the masses who use Windows XP, I suggest that Microsoft REPLACE its entire QA team for these OS updates. This is beyond unacceptable! Microsoft is making its OS crap rather than improving it for us all. Hmmm! I wonder... Could it be that Microsoft would like to break everyone's Windows XP OS's just in time to tell us about how great it would be for us to all migrate to Windows Vista? Now that's a thought!!!
Posted by thuck (2 comments )
Reply Link Flag
I'm having a problem with Outlook Express, about 1 of every 8 incoming emails has no subject or name of
who it's from and the body is usually just html language.

Any ideas on how to fix this?

Thanks,
jpm
Posted by machine27 (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.