Latest Web Technology News February 8 2006, the latest breaking New York Web design news brought to you by,
Web Designs Now,Website Designs Now,New York Web Design Homepage,Web Design Services for New York, Connecticut, Long Island,New York Web Design Client Testimonials,Website Portfolio of New York Web Design, About this New York Web Design Firm,Contact this New York Web Design Firm

New Windows Web Browser Vulnerabilities
Latest Web Technology & Web Design News, February 8, 2006

New Windows Web Browser Flaws
Political Divide on Web Neutrality
Adobe Patches Web Vulnerability
Web Postage for e-Mail

More Web Design News:
2009 Current News
2008 November
2008 October
2008 July
2008 June
2007 June
2007 May
2007 March
2006 November
2006 September
2006 August
2006 July
2006 June
2006 May
2006 April
2006 March
2006 February
2006 January
2005 December
2005 November
2005 October
2005 September
2005 August
2005 July
2005 June
2005 May
2005 April
2005 March
2005 February
2004 March
2004 February
2004 January
2003 December
2003 November
2003 October
2003 September
2003 August
2003 July
2003 June
2003 March - May


February 8, 2006

Microsoft (MSFT) on Tuesday warned of two security issues that could put some Windows users at risk of Web attacks and said it is investigating a third possible vulnerability.
By Joris Evers

One security problem is reminiscent of the recent high-profile security woes that affected Windows. It is related to how aging versions of the Web browser Internet Explorer handle malformed Windows Meta File images on the Windows Millennium Edition and Windows 2000 operating systems.

The flaw exists only in IE 5.01 version of the Web browser with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, MFST said in a security advisory. Users could be attacked simply by viewing a malicious image on a Web site, in an e-mail or in an image viewer, MFST said.

"An attacker who successfully exploited this vulnerability could take complete control of the affected system," MFST said in its advisory.

Though the WMF vulnerability may appear similar to previous flaws related to WMF that plagued Windows, the issue is different, MFST said. Last month the software maker rushed out a fix for a WMF rendering flaw that was being exploited to install spyware on the computers of unwitting Windows users.

To remedy this new WMF problem, MFST recommends users upgrade to IE6 with Service Pack 1 and said it may issue a security patch.

In a second security advisory, MFST warned of a problem with overly permissive access controls in Windows XP and Windows Server 2003. The problem exists only in versions that do not have the latest service packs installed, the company said.

The access control issue could be exploited by a user with low privileges to run programs and commands that normally require a higher privilege level, MFST said. The software maker suggests installing Service Pack 2 on Windows XP or Service Pack 1 on Windows Server 2003 to limit exposure, or manually changing access controls on the four affected Windows components.

In addition to the security advisories, a MFST representative on Tuesday said the company is investigating a potential vulnerability in its HTML Help Workshop, a part of the HTML Help Software Development Kit version 1.4.

Attack code that takes advantage of the flaw is publicly available. A successful attack could give an attacker full control over a vulnerable computer, security monitoring company Secunia said in an alert. However, the scope is limited because the vulnerable software is used only by software developers and is not part of Windows, according to MFST.

"MFST's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not impacted by this report," the representative said.

MFST's next "patch Tuesday" is on Feb. 14. The company on Thursday is expected to release some details on what software fixes it will deliver.

Web Designs Now
Back to the Top
 © Copyright 2007, All rights reserved  |  Privacy Web Design Forums  |  Web Design News  |  Advertise  |  About Us  |  Contact Us  |  W3C HTML 
 Related Websites: New-York-WebDesign.com