EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~INTERNET SECURITY UPDATE

From: rh (richardh@ccsuk.fsnet.co.uk)
Date: 10/31/02


From: "rh" <richardh@ccsuk.fsnet.co.uk>
Date: Thu, 31 Oct 2002 03:39:52 -0800


How on earth am I supposed to notify MS of the following -
I can find no contact e-mails!!!!

Attachment file : q216309.exe
Virus name : W32/Gibe@MM

Microsoft Customer
this is the latest version of security update, the "15 Oct 2002 Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.

Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability. If a malicious user sends an affected HTML e-mail or hosts an affected e-mail on a Web site, and a user opens the e-mail or visits the Web site, Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the location of cached content on your computer. This could enable the unauthorized user to launch compiled HTML Help (.chm) files that contain shortcuts to executables, thereby enabling the unauthorized user to run the executables on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could enable a malicious Web site operator to open two browser windows, one in the Web site's domain and the other on your local file system, and to pass information from your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.

System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.

For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at rdquest12@microsoft.com

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.


