Windows-Help.NET Newsletter

01. Microsoft releases Critical IE configuration change

by Arie Slob

Hello Windows users,

Microsoft has confirmed a report of a security issue known as Download.Ject affecting customers using Microsoft Internet Explorer, a component of Microsoft Windows.

Last Friday, Microsoft released a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address this issue (Windows 9x/Me have now also been addressed). Microsoft strongly encourages users to apply this configuration change immediately to help protect their computers.

You can get the update from the WindowsUpdate Web site.

The initial discovery of this vulnerability came when on Thursday, June 24, 2004, Microsoft responded to reports that some customers running IIS 5.0 (Internet Information Services), a component of Windows 2000 Server, were being targeted by malicious code, known as "Download.Ject." Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack -- a Web server located in Russia -- and shut it down on Thursday, June 24, 2004.

The vulnerability is caused when an existing functionality was combined with known security vulnerabilities in Microsoft Internet Explorer. An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.

Microsoft also made this update available for Windows Millennium Edition, Windows 98, and Windows 98 Second Edition under the extended support for critical security issues.

You can find more information on this update, including a way to manually secure your PC in Microsoft Knowledge Base Article 807669.

You should also visit the What You Should Know About Download.Ject Web page, this contains additional information, including how to determine if your computer has been infected with the malicious code.

Note: Users of Windows XP Service Pack 2 Release Candidate 2 (Windows XP SP2 RC2) are not at risk.

Give your comments on this article.

02. Recommended Web sites

Each month we will feature a few Web sites here, ones which sent us the most visitors to our Web site in the previous month. We would encourage you to visit these popular Web sites yourself!

Here are some sites in the Top 15 for June 2004:

Java Tester - Java infirmation Web site.

VIA Arena - Official VIA forums.

ZoneLabs - Zone Labs User Forum.

SWI Forums - SpyWareInfo forums.

The Top 15 sites are listed on our Web site.

03. Recent Support BBS Postings

Can't Hide My Language Toolbar - Windows XP
Archiving emails & reading elsewhere later? - IE / Outlook Express
Problem trying to connect an ADSL modem to a hub - Networking
USB or PS2 Mouse - Hardware
Can't remove "My Documents" from Desktop - Windows XP

04. Increase Your Browsing and E-Mail Safety

4 Steps to Help Ward Off Hackers and Attackers

By increasing your security settings in Microsoft Internet Explorer, Microsoft Outlook, and Microsoft Outlook Express, you can help limit your chances of being attacked.

Read Microsoft Article

05. Windows XP Tip: Using & Tuning ClearType Font Smoothing

ClearType triples the horizontal resolution available for rendering text through software so that the result is clearer display of text on a Liquid Crystal Display (LCD) screen with digital interface. But don't let that lead you to believe it's only good on an LCD display! If you have a good quality CRT display, you may also benefit from ClearType.

Read Full Article

06. MSN launches revamped search engine

Microsoft is expected to take its first baby steps on the road to Web search independence, with the launch of a homegrown Internet search tool and changes to its Internet search engine.

Read C|Net Article