Windows-Help.NET Newsletter 23 Nov. 2002, Vol 5 No. 47

In this issue:

w   Serious bugs expose millions of Windows users
w   Microsoft Security Bulletin
w   Recent Support BBS Postings
w   Web Site Updates
w   Administrivia

The Utility For Any Serious Windows Tweaker!

Serious bugs expose millions of Windows users

by Arie Slob

Hello Windows users,

In the past week, Microsoft released patches for a Windows component called Microsoft Data Access Components (MDAC), and a new cumulative update for Internet Explorer.

The MDAC patch particular is rated as critical, because the vulnerable version(s) could allow attackers to run code of their choice on your systems! It also enables controlled Internet access to remote data resources through Internet Information Services (IIS), Microsoft's Web server product. It is believed that the majority of the 4 million plus Web sites hosted on IIS are affected by this vulnerability.

The MDAC component is included by default as part of Windows XP, Windows 2000, and Windows Millennium Edition, but it is also available in stand-alone technology, and included in Microsoft Internet Explorer, so most Windows users are affected by this vulnerability. Although Windows XP includes the MDAC components this issue does not affect it.

Security company Foundstone Research Labs first discovered the vulnerability, and worked with Microsoft in developing a patch.

Microsoft recommends all users whose systems could be affected to take action immediately. According to Microsoft's security program manager Lynn Terwoerds, there is a possibility that a worm might exploit the vulnerability. Computers that are used to browse the Web or read email should install the patch immediately. This is also recommended for computers that host Web sites using IIS.

To install the update, visit the WindowsUpdate Web site, or download [814 KB] the patch (for Windows 98, Me, NT4 and 2000).

The MDAC patch is also discussed on our WindowsBBS Web site.

More information on the cumulative update for Internet Explorer below.


CTube Internet TVWatch over 700 channels of Internet TV, webcams, news and entertainment through your Internet connection. New stations are also added every month. Broadband *not* required... a dialup connection will work!

Buy CTube now for only $24 and start enjoying unlimited Internet TV download [4.2 MB] a trial version now!

Microsoft Security

November Cumulative Patch for Internet Explorer

Microsoft released a cumulative patch for Internet Explorer that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, this patch eliminates six newly discovered vulnerabilities.

Affected Software Versions

  • Microsoft Internet Explorer 5.01, 5.5 and 6.0


    Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution

    Microsoft released a patch for Microsoft Data Access Components (MDAC), which contains a bug that an attacker could cause data of his or her choice to overrun onto the heap.

    Affected Software Versions

  • Microsoft Data Access Components (MDAC) 2.1, 2.5 and 2.6
  • Microsoft Internet Explorer 5.01, 5.5 and 6.0


    Recent Support BBS Postings

    Virtual memory is dangerously low - Windows XP
    November Cumulative Patch for Internet Explorer - Int. Explorer
    Need free defrag util for Win 2k - Windows 2000
    Installing a new hard drive - Hardware
    BootDisk - Windows XP

    Web Site Updates

    These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.

    Added: Video Games and Kids -- Part 1


    Added: Microsoft Security: November Cumulative Patch for Internet Explorer
    Added: Microsoft Security: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution

  •   Highlights

    Video Games and Kids -- Part 1

    Are video games enriching our youngest childrens' lives or...

    Read Full Article
    Microsoft to simplify security alerts

    To help customers, Microsoft will now create a less technical end-user security bulletin that they will post at a new Security Web site. Microsoft will continue to release the current security bulletins targeted to technical professionals. The new end-user security bulletins will describe straightforward steps that customers can take to help keep their systems secure.

    "Customer feedback tells us that, while technical professionals value our security bulletins, many end-users find them overly detailed and confusing," Steve Lipner, director of Microsoft Security Assurance, wrote in the e-mail.

    In addition, before year's end, Microsoft intends to create a new End User Security Notification Service that will notify customers of security issues in end-user-oriented products and provide a link to the appropriate end-user security bulletin.
    Tell a friend about this Newsletter!

    Need Help with Windows? Ask questions here!

    FREE Software!

      Web Site

    Support BBS
    Windows 95
    Windows 98
    Windows Me
    Windows 2000
    Windows XP
    IRC Info
    'Net Humor
    Search Engines
    Shareware Links
    Software Store
    TechFiles Index
    Web Design

    Rose City Software
    RCS Summaries
    Be a Beta tester
    List With Us

      Subscribe Free

    IT Professionals
    Windows XP
    Windows XP Software
    Windows XP Security
    Windows XP Networking
    Windows XP Systems Management
    Windows 2000
    Windows Networking
    Small business owners
    Network Management
    Systems Administrators
    Training & Certification

    Lots More Great Mailing Lists!

    Enter E-mail address HTML E-mail?
    Yes No
    Zip Code:

    Subscribers to these free lists will receive occasional e-mail announcements of special offers relating to each topic of interest indicated above!

    Back Issues, unsubscribing etc.