MAJOR ---MS security alert

Wednesday, 13 April, 2005, 11:23 GMT 12:23 UK

Net security bug prompts warnings
Many Microsoft products are affected by the bugs
Microsoft has issued patches for five critical bugs in its software.

The bugs affect Windows, Internet Explorer, Word, Messenger and
Exchange. If exploited the loopholes could give an attacker complete
control over a compromised computer.

One flaw is found in so much of the net's software that the UK
government's national computer security advisor issued its own warning
about it.

Users were urged to install the patches to ensure their machine was
protected.

Bad bugs

The warnings about the critical vulnerabilities were issued as part of
Microsoft's April security update. As well as these most serious bugs,
Microsoft warned about three others that it only considered "important"
- the second highest rating.

Most of the critical bugs involve weaknesses that, if exploited, would
allow attackers to run their own code remotely on a target machine.


VULNERABLE SOFTWARE
Internet Explorer
Windows 98, ME, XP and 2000
Windows 2000 Service Packs 3 and 4
Windows XP 64-bit edition, version 2003 and Service Pack 1
Windows XP Service Packs 1 and 2
Windows Server 2003
Office Word 2003
Works Suite 2001, 2002, 2003, 2004
Word 2002
MSN Messenger 6.2
Exchange Server 2003
Exchange Server 2003 Service Pack 1
Exchange 2000 Server Service Pack 3
Any malicious hacker who managed to do this would have complete control
over the machine and could use this access to steal confidential
information or use that machine as a spam forwarder or to attack other
websites.

Microsoft said it was important for users to download the patches and
apply them because often computer code written to exploit the loopholes
quickly follows the issuing of a fix of a bug.

Users are less likely to fall victim to some of the bugs which require
them to visit websites loaded with malicious code that exploits the
flaws.

However, one of the flaws that Microsoft has flagged in its April
update affects many of the net systems that use the IP networking
protocol.

As its name implies IP, aka Internet Protocol, is integral to the way
the net works.

Gerhard Eschelbeck, chief technology officer of Qualys which found the
flaw, said the bug could let an attacker interfere with net traffic to
mount attacks on websites by cutting people off from those sites. These
are known as Source Quench attacks.

So far Microsoft, Cisco, Juniper, IBM and Red Hat have all issued
advice and updates for products that tackle the bug.

All a result of patch Tuesday. Incase you aren't aware, the second Tuesday
of every month is when MS releases updates to
http://windowsupdate.microsoft.com and you should keep up to date with
that.


--
Colin
*Drop DEAD from the email address to reply*

<snip>

Nothing new there then.

--
Please add "[newsgroup]" in the subject of any personal replies via email
--- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---

In uk.telecom.broadband, none wrote:

>Microsoft has issued patches for five critical bugs in its software.

Please sned this to all you're fiends.


--
Nigel M

"Time may be a great healer,
but he's a lousy beautician"

Nigel M wrote:
> In uk.telecom.broadband, none wrote:
>
>> Microsoft has issued patches for five critical bugs in its software.
>
> Please sned this to all you're fiends.

And watch out for those ...

"really useful emials from Microsoft with, softwear bug patches . pleas
click on the exe atached"

--
Ed.