August 9, 2005 2:08 PM PDT

IE flaw opens door to infection on sight

Related Stories

Windows flaw reaches beyond XP

July 18, 2005

PCs falling victim to Windows flaws

July 12, 2005
Microsoft has issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a computer.

The software maker released six security bulletins on Tuesday as part of its monthly patching cycle, describing three of them as "critical." The Redmond, Wash.-based company gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user.

One bulletin addresses three vulnerabilities in the Internet Explorer, Microsoft's widely used Web browser. These issues carry the highest risk of attack out of all the issues fixed, Oliver Friedrichs, a senior manager at Symantec Security Response, said.

Two other flaws, affecting the plug-and-play feature and printing in Windows, could also spell some trouble for users, he said.

An error in the way IE handles JPEG images is especially alarming, according to Symantec. An attacker could commandeer a PC by crafting a malicious image and tricking the victim to look at it on a Web site or in an HTML e-mail, for example, Microsoft said in its MS05-038 security bulletin.

"These vulnerabilities can be leveraged by malicious Web sites to install spyware, Trojan horses, bots or other programs on an unsuspecting user's machine," Friedrichs said.

The other two IE flaws could also enable an attacker to take control of a user's computer. One vulnerability lies in how the browser handles URLs, related to a feature that lets users view file folders in IE. The other deals with the ability of IE to call on other parts of Windows and is similar to a problem patched last month.

While the IE issues affect all currently supported versions of the browser and Windows, Microsoft's two other "critical" security bulletins have a more limited scope. These aren't as far-reaching within Microsoft's more recent operating system products.

A flaw in the plug-and-play feature in Windows could allow an anonymous attacker to remotely access and control Windows 2000 systems, Microsoft said in security bulletin MS05-039. However, such an attack is not possible on computers running Windows XP with Service Pack 2 and Windows Server 2003, the company said.

Also, a bug in the Windows print spooling service could let an intruder gain access to machines running Windows 2000 and Windows XP with Service Pack 1. The same attack on systems running Windows XP SP2 and Windows Server 2003 would only cause a crash, according to Microsoft's MS05-043 bulletin.

All current versions of Microsoft's operating system are vulnerable to a problem with a Windows component that supports telecommunication, Microsoft said in its MS05-040 bulletin, rated "important." However, it primarily affects servers configured as telephony servers, the company said. An attacker could commandeer such a system by sending it a specially crafted request.

The two remaining bulletins are rated "moderate." One fixes a previously known security flaw that, using a problem in the Remote Desktop Protocol, could let a hacker remotely crash computers running Windows. The other relates to Microsoft's implementation of the Kerberos authentication protocol.

RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said in bulletin MS05-041.

The Kerberos problem affects only Windows 2000 and Windows Server 2003 systems used as domain controllers. A specially crafted message sent to a system could cause it to crash, Microsoft said.

Another flaw related to Kerberos could let an attacker spoof a domain controller and potentially access a network, but can't be exploited by anonymous users, Microsoft said in bulletin MS05-042.

Microsoft urges its customers to apply the patches as soon as possible. Users of Automatic Updates in Windows will get the patches automatically. Microsoft is not aware of any current attacks that take advantage of the problems patched in the bulletins.

32 comments

Join the conversation!
Add your comment
Microsoft Flaws
It's no wonder that Firefox is gaininga big market share. Microsoft has had yrs to get it right. Have they never heard of "cleaning house" and starting over with personnel that knows what they are doing? Change their name to "Flawsoft".
Jimmie
Posted by JHaynie (2 comments )
Reply Link Flag
MS's Poor Quality Will Be Their Downfall
That's right, Jimmie, they've had years to get it right and more
than enough intelligent people telling to dump the code and
start over.

Sadly, there's been one MS apologist after another, in these very
blogs, excusing MS/IE problems as no big deal. Even after
reading an almost a daily stream of MS/IE problems, security
attacks, and sloppy coding.

MS users say Linux and OS X have the same sort security issues
or could if they were mainstream. The fact is, both Linux and OS
X have millions of users, not the few dozen MS lovers seem to
think. That's a plenty big enough virus audience to screw with
should hackers want to. Especially considering how popular OS X
is becoming and all the good overall pub Apple is getting.

But we don't read about security issues with those two systems
on the front pages of webzines on an almost daily like we do
with MS products. Why? Quality, my friend, quality. It's a lost art
at Microsoft and it will be their downfall.
Posted by cjohn17 (268 comments )
Link Flag
Microsoft Flaws
It's no wonder that Firefox is gaininga big market share. Microsoft has had yrs to get it right. Have they never heard of "cleaning house" and starting over with personnel that knows what they are doing? Change their name to "Flawsoft".
Jimmie
Posted by JHaynie (2 comments )
Reply Link Flag
MS's Poor Quality Will Be Their Downfall
That's right, Jimmie, they've had years to get it right and more
than enough intelligent people telling to dump the code and
start over.

Sadly, there's been one MS apologist after another, in these very
blogs, excusing MS/IE problems as no big deal. Even after
reading an almost a daily stream of MS/IE problems, security
attacks, and sloppy coding.

MS users say Linux and OS X have the same sort security issues
or could if they were mainstream. The fact is, both Linux and OS
X have millions of users, not the few dozen MS lovers seem to
think. That's a plenty big enough virus audience to screw with
should hackers want to. Especially considering how popular OS X
is becoming and all the good overall pub Apple is getting.

But we don't read about security issues with those two systems
on the front pages of webzines on an almost daily like we do
with MS products. Why? Quality, my friend, quality. It's a lost art
at Microsoft and it will be their downfall.
Posted by cjohn17 (268 comments )
Link Flag
Why Is Spooler Accessing The Internet?
I just installed the set of Microsoft security patches. After rebooting (why do these stoopid patches require a reboot?), ZoneAlarm Internet Security is telling me that "Spooler SubSystem App (spoolsv.exe) is trying to access the Internet at address 207.46.253.253:DNS (whois says this IP belongs to Microsoft). What kind of stoopid BS is this? Why does the XP Spooler think it needs to connect back to Microsoft? Is it "tattling to the teacher" on me? Is this kind of foolishness going to persist in Vista?

Also, this points out something very interesting. Presumably if I was solely using Microsoft's own security tools then I would not be informed when other Microsoft components were doing this kind of access behind my back. So aside from the adequacy issue, i.e. would you trust security to the very vendor that repeatedly fails to provide security, it would seem prudent to use a 3rd party tool to check up on Microsoft's own software to keep everyone honest. Oh, BTW, I have no network installed printers residing in Redmond, so I summarily told ZoneAlarm to NOT grant this Spooler access to the Internet.

Homage to Sir Bill:
" Oh will you never let me be?
Oh will you never set me free?
The ties that bound us are still around us
There's no escape that I can see
And still those little things remain
That bring me happiness or pain
These foolish things
Remind me of you"
Posted by Stating (869 comments )
Reply Link Flag
:-)
Once you go Mac, you'll never go back.

Turn away from the Dark Side
Posted by Thomas, David (1947 comments )
Link Flag
Why Is Spooler Accessing The Internet?
I just installed the set of Microsoft security patches. After rebooting (why do these stoopid patches require a reboot?), ZoneAlarm Internet Security is telling me that "Spooler SubSystem App (spoolsv.exe) is trying to access the Internet at address 207.46.253.253:DNS (whois says this IP belongs to Microsoft). What kind of stoopid BS is this? Why does the XP Spooler think it needs to connect back to Microsoft? Is it "tattling to the teacher" on me? Is this kind of foolishness going to persist in Vista?

Also, this points out something very interesting. Presumably if I was solely using Microsoft's own security tools then I would not be informed when other Microsoft components were doing this kind of access behind my back. So aside from the adequacy issue, i.e. would you trust security to the very vendor that repeatedly fails to provide security, it would seem prudent to use a 3rd party tool to check up on Microsoft's own software to keep everyone honest. Oh, BTW, I have no network installed printers residing in Redmond, so I summarily told ZoneAlarm to NOT grant this Spooler access to the Internet.

Homage to Sir Bill:
" Oh will you never let me be?
Oh will you never set me free?
The ties that bound us are still around us
There's no escape that I can see
And still those little things remain
That bring me happiness or pain
These foolish things
Remind me of you"
Posted by Stating (869 comments )
Reply Link Flag
:-)
Once you go Mac, you'll never go back.

Turn away from the Dark Side
Posted by Thomas, David (1947 comments )
Link Flag
Oh Bib...
Can't wait to read a another truly insightful argument from you...
Posted by Steven N (487 comments )
Reply Link Flag
Oh Bib...
Can't wait to read a another truly insightful argument from you...
Posted by Steven N (487 comments )
Reply Link Flag
Oh My God! IE's getting as bad as Firefox...
:)
Posted by fred dunn (793 comments )
Reply Link Flag
Au contrare
The fact that they're still finding vulnerabilities many many many years after it's release speaks otherwise.

Also, this is yet another drive-by-vulnerability. If I'm not mistaken, Firefox has never had one as serious as this.
Posted by hion2000 (115 comments )
Link Flag
Oh My God! IE's getting as bad as Firefox...
:)
Posted by fred dunn (793 comments )
Reply Link Flag
Au contrare
The fact that they're still finding vulnerabilities many many many years after it's release speaks otherwise.

Also, this is yet another drive-by-vulnerability. If I'm not mistaken, Firefox has never had one as serious as this.
Posted by hion2000 (115 comments )
Link Flag
what is the point of these stories?
they are copied almost word-for-word everytime microsoft releases a new patch. i don't see how they are newsworthy. "flaw could allow someone to take over your computer! microsoft released a fix! (insert 2 pages of fluff)"

and the people who are too incompetent to install updates to protect themselves are not likely to visit a site like this very often anyway.
Posted by Sam Papelbon (242 comments )
Reply Link Flag
Yeppers
Too stupid to continually monitor and update our systems, or too
stupid to give in, trust Microsoft, and let Microsoft perform those
updates for them. ....

yeah, right.

My God. Maybe there is a better way!
Posted by Thomas, David (1947 comments )
Link Flag
what is the point of these stories?
they are copied almost word-for-word everytime microsoft releases a new patch. i don't see how they are newsworthy. "flaw could allow someone to take over your computer! microsoft released a fix! (insert 2 pages of fluff)"

and the people who are too incompetent to install updates to protect themselves are not likely to visit a site like this very often anyway.
Posted by Sam Papelbon (242 comments )
Reply Link Flag
Yeppers
Too stupid to continually monitor and update our systems, or too
stupid to give in, trust Microsoft, and let Microsoft perform those
updates for them. ....

yeah, right.

My God. Maybe there is a better way!
Posted by Thomas, David (1947 comments )
Link Flag
Face it, Microsoft makes junk
Talk about a shade tree mechanic operation, these guys are
putting band-aids on top of duct tape, on top of rusty screws,
on top of a cracked windshield, er windows. Many of you are
bright enough to realize youre losers with windows, I guess it
serves them right to have to patch XP each week, or month on
Tuesday. What a pile of junk MSFT makes, if you did your jobs as
bad as they did, none of you would have jobs, you would have
been fired long ago. Its time for you to admit youre propping up
"crap" and dump it. Get youreself OS X and after 1 week, I dare
say youll wonder how Bill Gates has gotten away with ripping off
the world for 20 years. He got your money and still wants more,
step right up and be a sucker. Hahahahahahasta lavista
Posted by educateme (101 comments )
Reply Link Flag
Face it, Microsoft makes junk
Talk about a shade tree mechanic operation, these guys are
putting band-aids on top of duct tape, on top of rusty screws,
on top of a cracked windshield, er windows. Many of you are
bright enough to realize youre losers with windows, I guess it
serves them right to have to patch XP each week, or month on
Tuesday. What a pile of junk MSFT makes, if you did your jobs as
bad as they did, none of you would have jobs, you would have
been fired long ago. Its time for you to admit youre propping up
"crap" and dump it. Get youreself OS X and after 1 week, I dare
say youll wonder how Bill Gates has gotten away with ripping off
the world for 20 years. He got your money and still wants more,
step right up and be a sucker. Hahahahahahasta lavista
Posted by educateme (101 comments )
Reply Link Flag
widespread update failures reported
The bigger story here is the widespread reports of update FAILURES (successful downloads, but failed installs with no details as to why).

There is lots of speculation that Microsoft is now INTENTIONALLY BLOCKING critical updates to systems that can not be verified as "legal".

This is thrilling news to hackers & cyber-terrorists everywhere. But it also begs the question: By taking this action & intentionally holding open security holes, is Microsoft now labeled a "supporter of terrorism...?"
Posted by W2Kuser (33 comments )
Reply Link Flag
It's being addressed.
If one uses Windows Update or Auto update no problems are seen.
If one downloads the updates, for installation at a later date or on another machine, then they fail to install. These updates appear to be coming from a different server and they are, for some reason, corrupt files. I hear Microsoft is in the process of fixing this problem.
So all you techs, who download critical updates to keep client machines running smoothly, have a little patience as the problem is being corrected.
Posted by Muddleme (99 comments )
Link Flag
widespread update failures reported
The bigger story here is the widespread reports of update FAILURES (successful downloads, but failed installs with no details as to why).

There is lots of speculation that Microsoft is now INTENTIONALLY BLOCKING critical updates to systems that can not be verified as "legal".

This is thrilling news to hackers & cyber-terrorists everywhere. But it also begs the question: By taking this action & intentionally holding open security holes, is Microsoft now labeled a "supporter of terrorism...?"
Posted by W2Kuser (33 comments )
Reply Link Flag
It's being addressed.
If one uses Windows Update or Auto update no problems are seen.
If one downloads the updates, for installation at a later date or on another machine, then they fail to install. These updates appear to be coming from a different server and they are, for some reason, corrupt files. I hear Microsoft is in the process of fixing this problem.
So all you techs, who download critical updates to keep client machines running smoothly, have a little patience as the problem is being corrected.
Posted by Muddleme (99 comments )
Link Flag
Win2000 Pro worm/virus
I am curious to find out if this new threat
would cause a Windows 2000Pro box too reboot
by itself, with no error messages, nothing in
the logs mentioning a crash. I have ran into this
problem, I was looking at Cnet.com's news page
this morning, and finally SEEN the crash, it's
been crashing like this for a week or so.
Posted by MikeHolli (4 comments )
Reply Link Flag
Win2000 Pro worm/virus
I am curious to find out if this new threat
would cause a Windows 2000Pro box too reboot
by itself, with no error messages, nothing in
the logs mentioning a crash. I have ran into this
problem, I was looking at Cnet.com's news page
this morning, and finally SEEN the crash, it's
been crashing like this for a week or so.
Posted by MikeHolli (4 comments )
Reply Link Flag
Microsoft Internet spooler
I also am having major problems with Microsoft Internet spooler. Whenever I turn I my printer
(an HP 6520), I now get a Norton security alert saying Microsoft Internet Spooler is trying to access the internet. No matter what I do--automatically congfigure, permit, block etc--my computer freezes at that time and will not even allow a normal shut down! It only appears to happen when I turn the printer on so my only solutions so far have been to leave it on all the time or disable the Norton Internet security when I turn it on (I also have Norton Systemworks). It happens with both Firefox and Internet explorer--anyone else having these issues or have a fix?
Posted by (2 comments )
Reply Link Flag
Microsoft Internet spooler
I also am having major problems with Microsoft Internet spooler. Whenever I turn I my printer
(an HP 6520), I now get a Norton security alert saying Microsoft Internet Spooler is trying to access the internet. No matter what I do--automatically congfigure, permit, block etc--my computer freezes at that time and will not even allow a normal shut down! It only appears to happen when I turn the printer on so my only solutions so far have been to leave it on all the time or disable the Norton Internet security when I turn it on (I also have Norton Systemworks). It happens with both Firefox and Internet explorer--anyone else having these issues or have a fix?
Posted by (2 comments )
Reply Link Flag
This does things for me...
That does it!! When I get home tonight I am downlaoding either Firefox or Netscape, and then I will take Internet Explorer off of my Windows XP machine--and yes, it can be done without destroying Windoze (its been proven in court by the judge himself!). Other than Firefox or Netscape, does anyone know of any other webbrowsers?
Posted by james.grimes (58 comments )
Reply Link Flag
This does things for me...
That does it!! When I get home tonight I am downlaoding either Firefox or Netscape, and then I will take Internet Explorer off of my Windows XP machine--and yes, it can be done without destroying Windoze (its been proven in court by the judge himself!). Other than Firefox or Netscape, does anyone know of any other webbrowsers?
Posted by james.grimes (58 comments )
Reply Link Flag
When updates are applied...
What about those of us that do apply our updates almost as soon as they come out only to have the update itself to hose our machines? Then what! My machine at home was hosed last week by the WIN XP patch release! I had to re-install after trying to fix things all weekend (also had to go to work, too).
Posted by james.grimes (58 comments )
Reply Link Flag
When updates are applied...
What about those of us that do apply our updates almost as soon as they come out only to have the update itself to hose our machines? Then what! My machine at home was hosed last week by the WIN XP patch release! I had to re-install after trying to fix things all weekend (also had to go to work, too).
Posted by james.grimes (58 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.