resource center
  See your link here
|
IDG News Service -
Microsoft Corp. continued its policy of releasing monthly security updates yesterday, issuing three new software patches, including fixes for the MSN Messenger instant messaging program, Windows Media Services and the Outlook e-mail client.
Microsoft published three security bulletins, MS04-008, MS04-009 and MS04-010. Only one of the security holes, which is in Outlook, could allow attackers to run malicious code on affected computers. And none of the new vulnerabilities was rated "critical" by Microsoft. Details on the bulletins are available on Microsoft's TechNet Web site.
Security bulletin MS04-009 includes a patch for Microsoft Office XP Service Pack 2 and Microsoft Outlook 2002 Service Pack 2 that fixes a problem with the way Outlook handles URLs that use the "mailto" tag. That tag allows Web page authors to insert links on Web pages that launch Outlook or other e-mail clients.
A problem with the way Outlook interprets mailto URLs could allow an attacker to use a specially formatted mailto URL to gain access to files on an affected system or insert and run malicious computer code. It is rated "important," Microsoft said.
Computers would have to be running a vulnerable version of Outlook and have the Outlook Today home page as their default home page with Outlook. Outlook Today is the home page only until an e-mail account is created, Microsoft said.
The other software bulletins, MS04-008 and MS04-010, address vulnerabilities that were rated "moderate."
A software patch detailed in MS04-010 addresses a security hole in MSN Messenger Versions 6.0 and 6.1 that could allow an attacker to secretly view information on a user's hard drive.
A problem with the way Messenger treats requests from transfer files between Messenger installations allows attackers to use a specially formatted request to browse the recipient's hard drive and read files without the recipient knowing, Microsoft said.
Finally, MS04-008 fixes a security vulnerability in Windows 2000 Server Service Packs 2, 3 and 4. A problem with the way Windows Media Station Service and Windows Media Monitor Service process TCP/IP connections could allow an attacker to send specially formatted TCP/IP packets that shut down either service.
Windows Media Services is a component of Windows 2000 Server that allows users to manage and distribute Windows Media-format content over the Internet.
The vulnerability could make Windows 2000 Server installations vulnerable to denial-of-service attacks, Microsoft said.
IDG.net
Share our Strength
Download Now
Key Strategies for Managing Data Growth
What are you storage challenges?
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
