InternetMicrosoft Patches IE, Office Holes

The most serious involve problems in IE that could leave users open to a phishing attack.

A favorite target of virus writers, Internet Explorer, is the recipient of four new vulnerability fixes today from Microsoft in the latest of the company's regular monthly product updates. The most significant of the IE patches addresses remote code execution exploits in specially crafted Web pages. Amol Sarwate, research manager for the security firm Qualys, said two of the critical IE vulnerabilities were zero-day exploits and could allow for address bar spoofing of URLs. "A victim can be fooled by a phishing attack. They might think they are going to a bank site by looking at the URL, but they are going to a hacker Web site," he told InternetNews.com. A second major issue addressed in the update aims to patch a remote code execution vulnerability in another omnipresent product from the company, Microsoft Word. That hole could allow remote code execution with Microsoft Word 2000 and 2002 if a user opens a specially crafted file that contains a malformed string. The hole also affects Microsoft Office 2004 for Mac. In the case of both the IE and Word vulnerabilities, users running with less than full Administrator rights are less likely to be impacted by the problems. A third critical vulnerability patched in today's release also affects widespread applications -- in this case, Outlook Express and Microsoft Mail, the latter of which comes with Windows Vista. The patch addresses a remote code execution vulnerability that can appear in a malformed NNTP response... [ Read more on www.internetnews.com ]

InternetWindows Home Server Available for DIYers

Why wait for hardware bundled with Microsoft's Windows Home Server when you can build your own now?

InternetBlinkx Gives Publishers Another Video Option

You don't have to go through Google if you want to make money off YouTube videos.