Microsoft Internet Explorer 6.x with all vendor patches installed and
all vendor workarounds applied, is currently affected by one or more
Secunia advisories rated Highly critical


Mozilla Firefox 1.x with all vendor patches installed and all vendor
workarounds applied, is currently affected by one or more Secunia
advisories rated Less critical


Opera 8.x with all vendor patches installed and all vendor workarounds
applied, is currently affected by one or more Secunia advisories rated
Not critical



Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution
Secunia Advisory: SA18255
Release Date: 2005-12-28
Last Update: 2005-12-29
Critical: Extremely critical

http://secunia.com/

Graham

"Pooh Bear" wrote ...
Microsoft Internet Explorer 6.x with all vendor patches
installed and all vendor workarounds applied, is currently
affected by one or more Secunia advisories rated Highly
critical

Secunia seems to be trying to make a name for themselves.
CERT and the other virus-tracking entities aren't nearly
as breathlessly concerned as Secunia appears to be.
Perhaps they should see that "Chicken Little" movie.

Richard Crowley wrote:

"Pooh Bear" wrote ...
Microsoft Internet Explorer 6.x with all vendor patches
installed and all vendor workarounds applied, is currently
affected by one or more Secunia advisories rated Highly
critical

Secunia seems to be trying to make a name for themselves.
CERT and the other virus-tracking entities aren't nearly
as breathlessly concerned as Secunia appears to be.
Perhaps they should see that "Chicken Little" movie.

Secunia simply seems to have been on the ball.

F Secure has also been in the forefront.

Your response is typical " oh it won't happen to me ".

I have never known a security flaw before where the infection takes
place withut a user click. *And* can happen by merely visiting a
website.

Although my PC actually passes the only known security test for this
problem so far available I have moved to using the Opera browser. It's
very good. I would recomend it.


" Monday, January 2, 2006
Targeted WMF email attacks Posted by Mikko @ 12:17 GMT

Our colleagues and business partners at Messagelabs have stopped a
very interesting WMF attack today.

A new WMF exploit file was spammed to a targeted list of a few dozen
high-profile email addresses.

The email urged recipients to open the enclosed MAP.WMF file - which
exploited the computer and downloaded a backdoor from
www.jerrynews[dot]com.

What makes the case really interesting was the cloak-and-dagger
language used in the email which was spoofed to originate from US
State Department's security unit. "

http://www.f-secure.com/weblog/


There is apparently a live WMF virus out there masquerading as a joke
jpeg file btw.

Graham

"Pooh Bear" wrote in message
...


Richard Crowley wrote:

"Pooh Bear" wrote ...
Microsoft Internet Explorer 6.x with all vendor patches
installed and all vendor workarounds applied, is currently
affected by one or more Secunia advisories rated Highly
critical

Secunia seems to be trying to make a name for themselves.
CERT and the other virus-tracking entities aren't nearly
as breathlessly concerned as Secunia appears to be.
Perhaps they should see that "Chicken Little" movie.

Secunia simply seems to have been on the ball.

F Secure has also been in the forefront.

Your response is typical " oh it won't happen to me ".

I have never known a security flaw before where the infection takes
place withut a user click. *And* can happen by merely visiting a
website.

Although my PC actually passes the only known security test for this
problem so far available I have moved to using the Opera browser. It's
very good. I would recomend it.


" Monday, January 2, 2006
Targeted WMF email attacks Posted by Mikko @ 12:17 GMT

Our colleagues and business partners at Messagelabs have stopped a
very interesting WMF attack today.

A new WMF exploit file was spammed to a targeted list of a few dozen
high-profile email addresses.

The email urged recipients to open the enclosed MAP.WMF file - which
exploited the computer and downloaded a backdoor from
www.jerrynews[dot]com.

What makes the case really interesting was the cloak-and-dagger
language used in the email which was spoofed to originate from US
State Department's security unit. "

http://www.f-secure.com/weblog/


There is apparently a live WMF virus out there masquerading as a joke
jpeg file btw.

Graham

I browse in Virtual PC, so there's absolutely no chance of catching this
thing outside of the sandbox for me.

"Pooh Bear" wrote ...
Your response is typical " oh it won't happen to me ".

McAfee rates it as "low". My computer was automatically
patched for it via my subscription.

Richard Crowley wrote:

"Pooh Bear" wrote ...
Your response is typical " oh it won't happen to me ".

McAfee rates it as "low".

MacAfee also don't have a clue IMHO. I stopped using their products
ages ago. Over-rated, over-priced and under-performing. They trade on
their name.

My computer was automatically
patched for it via my subscription.

Considering that *Microsoft haven't released a patch*, that's pretty
impressive !

Graham

"Pooh Bear" wrote...
Richard Crowley wrote:
McAfee rates it as "low".

MacAfee also don't have a clue IMHO. I stopped using
their products ages ago. Over-rated, over-priced and
under-performing. They trade on their name.

Thank you for sharing with us. Multi-billion dollar
high-tech international corporations with staffs of
dozens of engineers who are dedicated to network
threat protection appear to have faith in McAfee.
Maybe you should offer your services to these poor
clueless customers.

My computer was automatically
patched for it via my subscription.

Considering that *Microsoft haven't released a patch*,
that's pretty impressive !

Virus scanning works by detecting the virus signature
in any file you open (incudling images, etc. in web
pages.) OS patches work by closing the loophole in
the code that the virus exploits. But I'm sure you knew
that.

Pooh Bear wrote:
Although my PC actually passes the only known security test for this
problem so far available I have moved to using the Opera browser. It's
very good. I would recomend it.

What test is this? How can I test my PC? Is there a web site with a
non-destructive version of the virus that I can visit?

I have looked at Opera in the past and dammint I don't want to get
accustomed to a new user interface.

Mike Rivers wrote:

Pooh Bear wrote:
Although my PC actually passes the only known security test for this
problem so far available I have moved to using the Opera browser. It's
very good. I would recomend it.

What test is this? How can I test my PC? Is there a web site with a
non-destructive version of the virus that I can visit?

I've posted the file at alt.binaries.schematics.electronics


I have looked at Opera in the past and dammint I don't want to get
accustomed to a new user interface.

That kinda troubled me too. Don't worry. It's a breeze. I'm sold already (
and I'm *fussy* ) - can't see me going back to IE. The page rendering is
delightfully fast. IE looks like a slug in comparison.

In any event why not just try it to see ?

Graham

Pooh Bear wrote:

What test is this? How can I test my PC? Is there a web site with a
non-destructive version of the virus that I can visit?

I've posted the file at alt.binaries.schematics.electronics

Oh, well. I don't download files from newsgroups. It seems that's one
of the best places to get viruses.

I tried Opera when it was new, and probably still unfinished. I don't
like to install stuff haphazardly since uninstallations are rarely
complete, and I don't have a test machine set aside that I can
re-install from scratch any time. So, no thanks, I'll take my chances
and stick with Netscape.

I rarely go to web sites that don't have a pretty good pedigree, so
unless some place that I visit regularly (typically for an on-line
forum, or an audio equipment manufacturer) gets infected without their
knowledge, probably by hacker infiltration, I'm reasonable safe. The
only time I ever get e-mail with files atttached that don't come from
someone that I know and that I'm expecting is through my Yahoo mail
account, and that's pretty well protected. Besides, I almost never open
those messges anyway.

Pooh Bear wrote:

Your response is typical " oh it won't happen to me ".

It won't happen to me, because I won't put a Microsoft operating system
on the network.
--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."

Scott Dorsey wrote:

Pooh Bear wrote:

Your response is typical " oh it won't happen to me ".

It won't happen to me, because I won't put a Microsoft operating system
on the network.

Hell, I won't put any M$ software of any kind in any computer I own. My
employer's win2K laptop does get connected to my home network, but it's
their problem. And it beats driving 95 miles into the office every f^%#$&
day. I don't think there's much risk in that one winbows box infecting any
of my Debian boxes or my hardware router or print server. If it does, they
don't want to see my next expense report,

Agent 86 wrote:

Scott Dorsey wrote:

Pooh Bear wrote:

Your response is typical " oh it won't happen to me ".

It won't happen to me, because I won't put a Microsoft operating system
on the network.

Hell, I won't put any M$ software of any kind in any computer I own. My
employer's win2K laptop does get connected to my home network, but it's
their problem. And it beats driving 95 miles into the office every f^%#$&
day. I don't think there's much risk in that one winbows box infecting any
of my Debian boxes or my hardware router or print server. If it does, they
don't want to see my next expense report,

Most ppl don't have the luxury of avoiding Windows. They need to use everyday
applications that other ppl use.

Graham

http://www.microsoft.com/technet/sec.../MS06-001.mspx

"Richard Crowley" wrote in message
...
http://www.microsoft.com/technet/sec.../MS06-001.mspx
www.microsoft.com homepage has a link to the update.

geoff

Richard Crowley wrote:
http://www.microsoft.com/technet/sec.../MS06-001.mspx



What utter assholes. From the FAQ:

"Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by one or more of the vulnerabilities that
are addressed in this security bulletin?

No. Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, the vulnerability
is not critical because an exploitable attack vector has not been
identified that would yield a Critical severity rating for these
versions. For more information about severity ratings, visit the
following Web site."

98's not vulnerable because it hasn't been attacked to their knowledge,
although it can be successfully if anyone tries. Only those *******s
could find that to be logical.


Bob
--

"Things should be described as simply as possible, but no simpler."

A. Einstein

Bob Cain wrote:

Richard Crowley wrote:
http://www.microsoft.com/technet/sec.../MS06-001.mspx



What utter assholes. From the FAQ:

"Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by one or more of the vulnerabilities that
are addressed in this security bulletin?

No. Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, the vulnerability
is not critical because an exploitable attack vector has not been
identified that would yield a Critical severity rating for these
versions. For more information about severity ratings, visit the
following Web site."

98's not vulnerable because it hasn't been attacked to their knowledge,
although it can be successfully if anyone tries. Only those *******s
could find that to be logical.

Quite.

Bound to be the virus writers' next target !

Graham

Bob Cain wrote:

What utter assholes. From the FAQ:

"Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by one or more of the vulnerabilities that
are addressed in this security bulletin?

No. Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, the vulnerability
is not critical because an exploitable attack vector has not been
identified that would yield a Critical severity rating for these
versions. For more information about severity ratings, visit the
following Web site."

98's not vulnerable because it hasn't been attacked to their knowledge,
although it can be successfully if anyone tries. Only those *******s
could find that to be logical.

Just another way to force users of older versions to upgrade. Puts
another few dollars into Bill's pocket.

On Fri, 06 Jan 2006 06:33:49 -0500, Jim Gilliland
wrote:

Bob Cain wrote:

What utter assholes. From the FAQ:

"Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by one or more of the vulnerabilities that
are addressed in this security bulletin?

No. Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, the vulnerability
is not critical because an exploitable attack vector has not been
identified that would yield a Critical severity rating for these
versions. For more information about severity ratings, visit the
following Web site."

98's not vulnerable because it hasn't been attacked to their knowledge,
although it can be successfully if anyone tries. Only those *******s
could find that to be logical.

Just another way to force users of older versions to upgrade. Puts
another few dollars into Bill's pocket.

Most people who use older computers are not satisfied with using older
software.The problem is when they upgrade to windows xp, upgrade their
browser,anti virus,spyware protection, firewalls,etc.They have 4
messengers, 3 media players,printer software and 20 other tray icons
running in systray.Then they wonder why thier computer with 128 megs
of ram is running so slow.This bogs down tech support with problems
that are not really resovleable.Eventually they need to get a new
computer.The price of upgrading is not worth it when you can get new
computers from an ISP , manufacturer or pawn shop for $299.00 or less.
We have people call on occasion who use win 3.1,windows 95 and they
are shocked we no longer support them.It is time to retire winodws 98
also.

Randall

"Abyssmal" wrote in message
..

Most people who use older computers are not satisfied with using older
software.The problem is when they upgrade to windows xp, upgrade their
browser,anti virus,spyware protection, firewalls,etc.They have 4
messengers, 3 media players,printer software and 20 other tray icons
running in systray.Then they wonder why thier computer with 128 megs
of ram is running so slow.This bogs down tech support with problems
that are not really resovleable.Eventually they need to get a new
computer.The price of upgrading is not worth it when you can get new
computers from an ISP , manufacturer or pawn shop for $299.00 or less.
We have people call on occasion who use win 3.1,windows 95 and they
are shocked we no longer support them.It is time to retire winodws 98
also.

So the point of faster more powerful processors is to run Win3.1 and
Word2.0 faster ? Or to (optionally) have more sophisticated functionality
?

geoff

No. Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, the vulnerability
is not critical because an exploitable attack vector has not been
identified that would yield a Critical severity rating for these
versions. For more information about severity ratings, visit the
following Web site."

98's not vulnerable because it hasn't been attacked to their knowledge,
although it can be successfully if anyone tries. Only those *******s
could find that to be logical.


You're not reading it correctly.

Microsoft didn't say the stated operating systems weren't vulnerable. They
said they weren't crtically vulnerable.