Critical Security Fix for Microsoft Internet Explo > Forums

Unanswered

Active Topics

Forums

Forums > Viruswarning Forum > Viruswarning archive

Subject: Critical Security Fix for Microsoft Internet Explo

Email me when someone replies to this thread.

You are not authorized to post a reply.

Author

Messages

David Gray
Posts:22

10/16/2002 1:42 PM
What Is It? Microsoft has released a critical security update for versions 5.0 through 6.0 of Internet Explorer to correct several buffer overflow vulnerabilities that have been identified recently. Since this is also a cumulative security update, now is a good time to catch up if you have been unable to visit the Windows Update service lately. A buffer overflow occurs when a program fails to truncate excessively long strings of data that are fed to it. Most programs set aside a fixed amount of memory to accept, for example, a URL or an XML string. For example, a program might set aside 255 bytes to hold a URL that it needs to process. A buffer overflow vulnerability exists if it is possible to feed the program a longer URL string of, say, 400 bytes, and have the whole string processed. When this happens, the extra 145 bytes overwrite areas of memory that belong to the program but were set aside for other purposes. Depending on what is in the affected area of memory, the buffer overflow may cause incorrect or erratic behavior of the program or execution of code of the attacker's choice. Such code runs in your machine in your security context. It can do anything that you can do, including altering or deleting files, changing or deleting Registry keys, running another program, and so forth. What Should You Do? Update your copy of Microsoft Internet Explorer. You can most easily accomplish this by visiting the Windows Update site at http://windowsupdate.microsoft.com. Click the "Scan for Updates" link in the page that displays. After a few moments, a list displays in the left portion of the screen showing available updates under the "Pick options to install" outline item. Your list will vary depending on when you last visited the site, what version of Windows you have, and what accessories you have installed. The first item on this list is always "Critical Updates and Service Packs." You may review the list by clicking either the "Critical Updates and Service Packs" link itself or the "Review and Install Updates" link in the right pane of the window. By default, all critical updates are selected for installation. If for some reason you elect to skip an update (such as if you want to install them one at a time), you must click the Remove button for each update you want to skip. We recommend that you install them all at once, as this is the easiest, least time consuming, and most painless way. After the installation is finished, you will be told that your computer must be restarted to activate the patched programs. When you press the OK button, the machine will restart on its own. If it fails to do so for any reason, use the Start Menu to shut down and restart. Additional Information You can read all the gory details in Microsoft Product Security Bulletin MS02-047, "Cumulative Patch for Internet Explorer (Q323759)" at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp. This concludes this VirusWarning notice, drafted Saturday, 24 August 2002 and sent Tuesday, 03 September 2002. David Gray P6 Consulting V: +1 (972) 751-0254 TZ: USA Central, GMT -5 E: mailto:dagray@p6c.com W: http://www.p6c.com David Gray, Moderator A. K. A. Mr. Spock You are more importnat than any technology we may employ.

You are not authorized to post a reply.

Forums > Viruswarning Forum > Viruswarning archive > Critical Security Fix for Microsoft Internet Explo

ActiveForums 3.6