Bugs and Fixes: Fix flaws in IE

Microsoft Word and Acrobat are also vulnerable to attacks from poisoned files.

The explosion of user-generated multimedia content has made the Web more fun, but unfortunately the bad guys get to play, too. These days some of the easiest venues for an attack are sites that let users post their own material.

For example, the Internet Storm Center, which tracks online assaults, recently reported that criminals used normal JavaScript features in Apple QuickTime movies to launch an attack against a MySpace vulnerability. When users viewed an infected movie on a MySpace page, the video (via the flaw) embedded itself on their own MySpace pages, and replaced their links with pointers to phishing sites. That flaw has since been fixed, but new program vulnerabilities keep the user-posted-content threat alive.

WMP problems

Microsoft recently patched two critical holes in the way WMP (Windows Media Player 6.4 through 10) handles streaming media files with .asf and .asx extensions. An active attack using either hole would set you up for a classic drive-by malware download if you viewed a tainted page in IE (and thereby automatically called up Media Player to play a video or audio file) or otherwise pulled poisoned content directly into WMP. And, according to Microsoft, you have a particular risk of encountering such content on sites "that accept or host user-provided content or advertisements". The flaw affects WMP in Windows 2000 Service Pack 4 through Windows XP SP2; get the fix via Automatic Updates, or at http://microsoft.com/technet/security/Bulletin/MS06-078.mspx Version 11 of WMP (Windows Media Player) is not at risk. At press time neither bug had been exploited - but the proof-of-concept code, often a precursor to an attack, had been posted for one of them.

HOLE-Y IE 6

Microsoft also patched two critical flaws in Internet Explorer 5.01 through 6.0 SP1 (in Windows 2000 SP4 through XP SP2) that could leave you open to an attack from a poisoned Web site (IE 7 is not vulnerable). Both holes take advantage of memory-corruption errors in the way IE handles scripts. No attacks are known to exist as of yet; but once again the company warns that sites hosting user-provided content are a likely avenue of attack.

Grab the fix through Automatic Updates, or as part of a large, cumulative IE patch at IE Patch

As for Word, Microsoft is warning about yet another pair of zero-day attacks that try to trick unsuspecting users into opening rigged Word documents. In Windows, the as-yet-unaddressed holes affect Word 2000, 2002 and 2003, plus Word Viewer 2003; for Macs, Word 2004 and Word X are also in danger. Works 2004, 2005 and 2006 are likewise affected.


In brief

Patch critical Acrobat Reader holes

Security company Sophos found critical cracks in the ActiveX control for versions 7.0 through 7.0.8 of Adobe Reader and Adobe Acrobat Standard and Professional. No attack exists yet, but if one arises you'd have only to visit a contaminated site in IE to be the victim of a drive-by download.

To close the hole, upgrade to version 8 of either product, or patch version 7. Adobe is working on an automatic update, but until that method is available, get the fix from Adobe Support

Bug slows IE 7

A Phishing Filter bug can reduce your computer to a crawl on Web sites with many frames. Get the fix at Support Microsoft

Vista battery drain

Notebooks with the new OS will have default settings that help connect to public hotspots but decrease battery life. To get more info - and change the settings - go to Windows Vista Blog