New Internet Explorer Patches

New Internet Explorer Patches
Updates labeled as critical ..
(old news - 02:01PM Saturday Jul 31 2004)
tags: security · trouble · software

Microsoft has released new software patches for its Internet Explorer Web browser, including a fix for a flaw that allowed hackers to target computer users since early June. All three of the flaws addressed are labeled as critical in Microsoft Security Bulletin MS04-025, meaning Microsoft believes they can be easily exploited by an Internet worm to infect personal computers running various versions of the company's Windows operating system. "The company issued the patches outside of its regular monthly release schedule because of the severity of the threat, said Stephen Toulouse, program manager for Microsoft's security response center. The patches can be downloaded at www.microsoft.com/security.

DNS Fix Knocks Zone Alarm Users Offline

Microsoft Discontinuing OneCare

Using PS3's To Forge Site Certificates

PA Man Charged With Selling Hacked Cable Modems

Wednesday Evening Links

FoxNews.com Serving Up Infected Ads?

Uh, Mom? The Air Force Just Attacked Our PC

T-Mobile Systems Hacked?

Forums » New Internet Explorer Patches


	view: topics flat text	Post a:

dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA	Ok... Got it/them yesterday, also downloaded the Windows Updates v5 yesterday... eh, it's different. -- Nuke 'em all, let God sort 'em out.
	permalink · 2004-07-31 13:53:08 ·

dslhater Premium join:2001-09-24 Chicopee, MA clubs:	Re: Ok... There's a new comulative patch today. I updated yesterday. Are they patching yesterdays patch lol ??? just wondering.
	permalink · 2004-08-01 14:21:44 ·

antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA

Thanks BBR for posting this important information.
Also, CERT is also warning people yet again on using Internet Explorer and Microsoft software.

Critical Vulnerabilities in Microsoft Windows
Original release date: July 30, 2004
Source: US-CERT

These vulnerabilities affect the following versions of Microsoft Internet Explorer:
* Microsoft Internet Explorer 5.01 Service Pack 2
* Microsoft Internet Explorer 5.01 Service Pack 3
* Microsoft Internet Explorer 5.01 Service Pack 4
* Microsoft Internet Explorer 5.5 Service Pack 2
* Microsoft Internet Explorer 6
* Microsoft Internet Explorer 6 Service Pack 1
* Microsoft Internet Explorer 6 Service Pack 1 (64-Bit Edition)
* Microsoft Internet Explorer 6 for Windows Server 2003
* Microsoft Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)

These vulnerabilities affect the following versions of the Microsoft
Windows operating system:
* Microsoft Windows NT Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
* Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP and Microsoft Windows XP Service pack 1
* Microsoft Windows XP 64-Bit Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 64-Bit Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Microsoft Internet Explorer contains three vulnerabilities that may allow arbitrary code to be executed. The privileges gained by a remote attacker depend on the software component being attacked. For example, a user browsing to an unsafe web page using Internet Explorer could have code executed with the same privilege as the user. These vulnerabilities have been reported to be relatively straightforward to exploit; even vigilant users visiting a malicious website, viewing a malformed image, or reading an HTML-rendered email message may be affected.

»www.us-cert.gov/cas/techalerts/T···63A.html
»www.us-cert.gov/cas/alerts/SA04-212A.html
»www.kb.cert.org/vuls/id/266926
»www.kb.cert.org/vuls/id/685364
»www.kb.cert.org/vuls/id/713878
--
Dslreports.com Forum No-Spin zone starts here.
»www.antihotmail.com
spammers_are_scumbags@antihotmail.com

permalink · 2004-07-31 13:57:21 · Print ·

lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone clubs: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	Re: New Internet Explorer Patches said by antiphishing : Thanks BBR for posting this important information. Always my first stop
	permalink · 2004-07-31 14:04:42 ·

Corvus Flaming Tards Since 2003 Premium,VIP join:2003-11-26	A new BBR section? Let's create a "Bug of the month" section in BBR! We see these MS holes and patches every week in headnews, so often that it's not news anymore, it's just something you read at the end of a newspaper like the daily horoscope or weather. -- Jesus saves, but only Buddha makes incremental backups.
	permalink · 2004-07-31 14:09:19 ·

antiphishing Phishing Scam Terminator Premium join:2004-06-09 Wilkes Barre, PA	Let the Firefox revolution begin ! "The flaw was so publicized that millions of users began to seek other browser options such a Mozilla Firefox and Opera". Quote from a Washington Dispatch online article »www.washingtondispatch.com/cultu···448.html -- Dslreports.com Forum No-Spin zone starts here. »www.antihotmail.com spammers_are_scumbags@antihotmail.com
	permalink · 2004-07-31 14:33:09 · Print ·

dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA	Re: Let the Firefox revolution begin ! No thanks.
	permalink · 2004-07-31 14:37:45 ·

inciter Noobie Premium join:2000-08-30 Rohnert Park, CA	No thanks! Tried it and the second day it was hit with a security flaw. I'll stick with MS it's a 50/50 choice in my view. And yes I don't give two hoots about it! -- A SUCKER is born every min. On the Internet a SUCKER is born every Sec.
	permalink · 2004-08-01 22:30:11 ·

sean151 Class 2008 Premium join:2003-12-04 Auburn, WA clubs:	Win XP SP2 RC2 It seems I cannot receive this update because I'm running Win XP SP2 RC2.
	permalink · 2004-07-31 14:37:25 ·

Logan 5
A Sense Of Loss On Friday's
Premium,MVM
join:2001-05-25
The WasteLAN

·Pacific Bell - SBC

Re: Win XP SP2 RC2

said by sean151 :
It seems I cannot receive this update because I'm running Win XP SP2 RC2.

This is why you NEVER...NEVER...EVER install 'beta' level software on production machines. Even Microsoft warned you before installing it on their website that this was beta code and you were on your own with no regular support in case problems happen, which it looks like they did for you.

And, since you can't uninstall the Service Pack, it maybe time to use something OTHER than IE anyway, so who knows, perhaps this was a good thing to happen to you after all....
--
I'm a Social Engineering Specialist - "Because there's no patch for Human Stupidity"

permalink · 2004-07-31 14:44:12 · Print ·

dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA ·Comcast	Re: Win XP SP2 RC2 "This is why you NEVER...NEVER...EVER install 'beta' level software on production machines." I couldn't agree more! -- Nuke 'em all, let God sort 'em out.
	permalink · 2004-07-31 14:46:44 ·

sean151
Class 2008
Premium
join:2003-12-04
Auburn, WA
clubs:

Re: Win XP SP2 RC2

I know beta level software is bad if it is on a production machine, but where did I say it was a production machine?

I love updating my software. Why else would I be using Microsoft still? Besides my school mandates Microsoft must be on my laptop for school. I'll still put a PPC linux distro on it through PearPC.
--
I wish Comcast would upgrade their upload speeds for free. Thanks to broadband I now can have my own internet radio station: »24.18.33.156:8000

permalink · 2004-07-31 16:09:33 · Print ·

BoomerSooner Premium join:2004-02-11 ·Pioneer Telephone .. ·Pioneer Internet	I don't believe the vulnerability affects users running SP2. That is most likely why you don't see the update available. As far as I can tell from both Microsoft's and CERT's website, PC's with SP2 installed are NOT affected. -- I'll take "Things Only I Would Know" for $10,000 Alex.
	permalink · 2004-07-31 15:18:39 ·

Mark_Venture

join:2000-05-31
Wilmington, DE

Re: Win XP SP2 RC2

said by BoomerSooner :
I don't believe the vulnerability affects users running SP2. That is most likely why you don't see the update available.

As far as I can tell from both Microsoft's and CERT's website, PC's with SP2 installed are NOT affected.

Question... if it is true that SP2 isn't affected, it would imply that MS knew about and fixed the bug a few weeks ago or more (when was the last SP2 RC version released?) but did NOT release the fix right away.

Why such a lag?
--
Linksys BEFCMU10, BEFSR41 v1.0, WRT54G v1.0, EZXS88W, etc.. see profile for PC configs

permalink · 2004-08-01 07:31:31 · Print ·

BoomerSooner
Premium
join:2004-02-11

·Pioneer Telephone ..

·Pioneer Internet

Re: Win XP SP2 RC2

said by Mark_Venture :
... it would imply that MS knew about and fixed the bug a few weeks ago ...

Not necessarily. The vulnerability could be blocked by one (or more) of the ENHANCEMENTS that MS has added to the security features with SP2. Chances are MS found some means of blocking several different avenues of exploiting XP and apparently, it's working thus far (knock on wood).
--
I'll take "Things Only I Would Know" for $10,000 Alex.

permalink · 2004-08-01 11:24:28 · Print ·

BeaverHunter join:2001-01-03 Palmdale, CA	if i recall correctly winxp sp2 rc2 didn't need these patches because it was already fixed in sp2. If you do a search for it here on this forum you'll find the thread i'm talking about.
	permalink · 2004-07-31 15:14:54 ·

Logan 5 A Sense Of Loss On Friday's Premium,MVM join:2001-05-25 The WasteLAN ·Pacific Bell - SBC	Well, any machine that you use on a regular basis could fall under the term 'production machine' so I guess if you aren't worried about that then more power to 'ya.....:D Looks like you're a .nix user as well, so I guess then it really doesn't matter much about to the Widows stuff now does it.... -- I'm a Social Engineering Specialist - "Because there's no patch for Human Stupidity"*
	permalink · 2004-07-31 16:39:58 · Print ·

Logan 5 A Sense Of Loss On Friday's Premium,MVM join:2001-05-25 The WasteLAN	Yet again.... Aren't ALL updates for Internet Exploder *Critical* ones....?
	permalink · 2004-07-31 14:38:02 ·

Anonymous Premium join:2004-06-01 IA	?? Funny thing is I had to install those twice. Yesterday by using V5 update and today with automatic update service. -- Stealing software since 2002
	permalink · 2004-07-31 14:43:25 ·

Grail Knight
Who Dares Wins
Premium
join:2003-05-31
Erie, PA

·Verizon Online DSL

IE is faster yet is it safe!?

General Observations:

Seems to me that patch did more than a security fix. IE6 SP1 is a hell of a lot faster than before yesterdays patch. Nice of them to patch and tweak.
If only MS would let the end user really know what they are installing without having to hunt for it.
To little to late.
I only keep it patched as part of my update routine for my OS.

I will stick with my Firefox and Thunderbird. Mozilla is headed in the right direction with these two Internet Clients, but the choice is yours to make as to which browser you want to use.

More power to you.

permalink · 2004-07-31 15:19:35 · Print ·

Mike Premium,Mod join:2000-09-17 Pittsburgh, PA clubs:	virus to follow in about 2 weeks to cripple every IE machine to follow
	permalink · 2004-07-31 15:33:19 ·

mrham Premium join:2002-05-14 Leesburg, FL ·Embarq	It Ain't Wort The Problems Well, I installed the new updater yesterday, and ever since, it tells me it can't validate the number. This is absolutely absurd, as I have the book, and the hologram thingy. Plus it was preinstalled when I bought it new. Now, to find a way to uninstall this disaster. Anyone have a clue as how to get rid of this junk??
	permalink · 2004-07-31 16:19:57 ·

Jeff_B Premium join:2000-09-24 Brick, NJ	Re: It Ain't Wort The Problems Someone posted how to remove it in this thread »New Version of Windows update and it worked for me.
	permalink · 2004-07-31 17:16:22 ·

stridr69

join:2003-05-19
San Luis Obispo, CA

Bulletin MS04-025,

Well...I updated on 7/31/2004.
So far...So Good..
But, I'm using Firefox 0.9.2 as my main browser and I.E. as needed, so I can't comment on the update good or bad. I used I.E. after I updated using known sites(currently using »cad.chp.ca.gov/..tracking the CA Highway Patrol in my neck of the woods..So far...So Good...
..now I'm waiting for the MAJOR(80Mb upgrade) due this month.
I'll set up a restore point BEFORE I download...just in case..

permalink · 2004-08-01 00:42:49 · Print ·

samrocks Premium join:2003-07-30	What brower should be used besides IE? What will be the best browser to use as a alternitive to internet explorer? I want a brower that loads pages fast and contains no spyware or adware.
	permalink · 2004-08-01 09:35:51 ·

dslhater Premium join:2001-09-24 Chicopee, MA clubs:	Re: What brower should be used besides IE? Hmm I wonder what you could use??? I don't know you can try firefox or heck maybe even mozilla. That's just me. Ask around to make sure.:D
	permalink · 2004-08-01 10:32:46 ·

antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA

1 edit

__________________________________________________________
What will be the best browser to use as a alternative to internet explorer?
__________________________________________________________

The below should answer your questions.

»www.mozilla.org/products/firefox···0.9.html
»www.mozilla.org/products/firefox/

The ten best things about Mozilla Firefox.

10) A large decrease in spyware or adware
09) File download manager
08) Excellent integration of IE bookmarks
07) Small Windows program compared to IE. 4.7MB for
Windows.
06) Browser Themes (Recommend FirefoxModern 0.7.1)
05) Extensions
04) Pop-up blocker
03) No Active-X controls.
02) No browser lockups, errors,hang-ups, and the program doesn't crash Windows. Longer mean time before Windows reboots.
01) Tabbed Browsing
--

Dslreports.com Forum No-Spin zone starts here.

»www.antihotmail.com
spammers_are_scumbags@antihotmail.com

permalink · 2004-08-01 12:57:22 · Print ·

Mordhem Direct Tech join:2003-07-10 Gaffney, SC	Re: What brower should be used besides IE? hehe going to test Firefox but I have no problems with IE I love the new add blocking thing makes life so easy hehe.
	permalink · 2004-08-01 19:15:44 ·

your comment..

Forums » New Internet Explorer Patches


Saturday, 04-Jul 19:40:14	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9.5 years online! © 1999-2009 dslreports.com.

Ok...

Re: Ok...