Another IE security problem

particularly ugly

         

tedster

5:50 pm on Nov 21, 2002 (gmt 0)


Microsoft Bulletin [microsoft.com]

The strange thing to me is that even with the patch installed, a malicious source could still "undo" the patch and re-introduce the security hole. And Microsoft actually explains how to in this bulletin!

XP users are apparently safe on this one - but everyone else may be at risk.

[edited by: tedster at 8:01 pm (utc) on Nov. 21, 2002]

pageoneresults

6:15 pm on Nov 21, 2002 (gmt 0)


tedster, this is becoming a weekly thing! ;)

I'm not looking forward to the day when a hacker gets into that Windows Update script. Just think, they hack it, out go millions of update messages. Half of those people go through the automatic process of updating only to find out that their hard drive has been wiped clean!

stlouislouis

6:47 pm on Nov 21, 2002 (gmt 0)


There is an article/discussion on Slashdot about this today:

[slashdot.org...]

What's interesting is that MS suggests that to be safe against
being vulnerable after patching things up, one also
should remove everyone -- including Microsoft -- from the list
of "trusted publishers". I was amused at that when I read it.
So who do you then trust...and when...ever?

However, this hole that affects most folks out there
browsing the internet on their Windows PCs (except for
Windows XP according to Microsoft) is not amusing at all.

What's really scary about this is that someone can run
any code they want on your system -- like code to format
your hard drive or install a trojan -- without your
knowledge simply by you either visiting their web page
or opening an HTML e-mail. Just think if some spammer
sent out an HTML e-mail to millions of folks who open
their spam HTML mail before deleting by going message
to message instead of "select all -- delete" without
actually opening the e-mails.

Talk about an easy way to create a DDOS attack network.

This is a menace to the entire internet community.

Take care,

Louis

SuzyUK

6:56 pm on Nov 21, 2002 (gmt 0)


Thanks for the pointer Tedster...

Scary!

Suzy
:(

Trisha

7:52 pm on Nov 21, 2002 (gmt 0)


I don't fully understand this - in all of my security zones I have almost everything set to prompt, and I rarely let any kind of scripting run - am I still vulnerable?

More specifically, if I set each of the following to disable am I ok?

Download signed ActiveX controls
Download unsigned ActiveX controls
Initialize and script ActiveX controls not marked as safe
Run ActiveX controls and plug-ins
Script ActiveX controls marked safe for scripting

A bit OT, but can anyone explain what the difference is between "Download", "Initialize", "Script", and "Run" above? And what is the minimum I need to enable to allow Flash to run and is there any security risk in doing that?

Thanks!

tedster

8:04 pm on Nov 21, 2002 (gmt 0)


From the way I read the bulletin, yes, you are vulnerable -- no matter what your security settings -- unless you install the patch. Apparently this hole allows an exploit to bypass the normal triggers that would stop a script from running.

And, by the way, could those IE6 security and privacy settings be more confusing? I can't figure out half the time how the browser will change if I check a certain box.

Visit Thailand

8:15 pm on Nov 21, 2002 (gmt 0)


Thanks Tedster, had not heard of this one before. Thanks.