Brian's Buzz on Windows has changed its name to the Windows
Secrets Newsletter. Get the latest high-tech tricks with a free
subscription.
MAY 8, 2003 - Issue 5
As of yesterday, your support has aided Brian's Buzz on Windows to
gain more than 34,300 subscribers. Over 1,330 of you (3.9%) have already
contributed to receive the paid version, and the percentage is rapidly
growing.
These numbers are much higher than the targets I projected I'd have this
soon after April 21 (when my last Window Manager column was printed in
InfoWorld magazine). With your help and tips, I'm sure this newsletter
will become even more interesting... --Brian Livingston
TOP STORY - info you need to make Windows work
XP, IE, and OE patches cause their own problems
By Brian Livingston
It hasn't been Microsoft's best month for releasing patches.
After it was widely reported that installing a recent security patch
can slow Windows XP to a crawl, the Redmond company
had to admit the problem and scale back its recommendation that
all XP users apply the update.
Now there are reports that Microsoft's two latest patches, which correct
security problems in Internet Explorer 5 and 6 and Outlook Express 6,
also cause difficulties of their own.
- MS03-013 for Windows NT 4, 2000, and XP
This patch, first released on April 16, prevents someone from logging on
from the keyboard or a terminal session and running code to gain
administrator privileges. Microsoft has downgraded this threat to
"important" rather than "critical."
Microsoft confirmed on April 25 in its Knowledge Base article 819634 that
installing the patch on XP Service Pack 1 can seriously slow a PC,
especially if antivirus programs are configured to scan files as they are
opened. Testers report delays of more than 10 seconds in launching apps in
this situation.
The company currently recommends that you either uninstall the patch or
disable real-time antivirus scanning, using periodic disk scans instead.
At this writing, the company says an improved patch will be released at an
unknown future date. But other sources say a working patch is already
available, although you have to make a special request for it through
Microsoft's Product Support Services.
A word of warning, however, has been sounded by BugTraq's Russ Cooper. He
advises users not to install MS03-013 on Windows 2000 until Microsoft
explains the purpose of 10 modified files. One is Ntdll.dll, which caused
problems as part of the MS03-007 patch.
- MS03-014 for Internet Explorer 5 and 6 and Outlook Express 5.5 and 6
This update, issued on April 23, corrects a security problem in the way IE
and OE handle files stored on the Web. If a user visits a malicious Web
page, the apps can be made to render a plain-text file as though it were
HTML. If the text file contains an executable script, the script could
damage the PC - because a text file is a "safe file type" that runs with
Local Computer Zone privileges. Microsoft rates this flaw "critical."
MS03-014 is being described as a patch for Outlook Express 5.5 and 6. But
it's important even for those who don't use OE but use Internet Explorer 5
and 6. That's because IE uses the underlying code of OE to render text
files as if they were HTML files.
Installing the patch prevents IE and OE from converting any text files
other than .mht or .mhtml file types into the special form that renders as
HTML.
The problem? In an article that's not yet posted on the Web, issue 3.15 of
the Woody's Windows XP newsletter reports that installing the MS03-014
patch completely disables IE and OE's ability to access the Internet if
the operating system is XP and Norton Internet Security 2002 is installed.
This is true whether or not NIS is disabled before running the update.
The e-zine also says the patch prevents OE 6 from remembering the
most-recent location where an attachment was saved.
- MS03-015 for Internet Explorer 5 and 6
This patch, released along with MS03-014 on April 23, is a "cumulative
update" that combines all known fixes for Internet Explorer 5.01, 5.5, and
6. The update also corrects four new vulnerabilities, three of which are
threats that Redmond rates as "critical."
The most serious vulnerability allows a Web site to run malicious code on
a user's PC. The rogue program would enjoy all the same privileges as the
locally logged-in user.
Woody's notes that Internet access on XP is disabled if MS03-015 is
installed while Norton Internet Security 2002 is running. But this problem
can be avoided by simply turning off virus checking before installing the
patch (a good step when installing almost any app).
Does this mean you shouldn't install the latest Microsoft updates?
Not at all. But if you use Norton Internet Security or any other antivirus
programs, you should definitely test MS03-014 and MS03-015 before
rolling these patches out to production machines. You may also want to
delay MS03-013 on Windows 2000 and XP machines if you aren't directly
affected by the threat it averts. (For example, if your machines are
in locked rooms where only trusted admins have access.) Proceeding with
caution is a normal reaction to any new Microsoft upgrade.
Amid this hue and cry, some lowlife is sending out e-mail messages that
appear to be from Microsoft, announcing a very desirable "cumulative
patch." I don't know whether these bogus messages are in response to the
XP/IE/OE mess, but the messages carry an attachment called Q178830.exe,
which appears to be a virus (although it's not yet reported in major
antivirus databases).
I'm reproducing the fake message below, not because you should follow
its advice, but to show how chillingly similar to a real Microsoft message
it seems:
From: Microsoft Internet Technical Services [mailto:sdjsibp887470@WRrTUXG.net]
Sent: Monday, May 05, 2003 10:01 AM
To: MS Customer
MS Customer
this is the latest version of security update, the "May
2003, Cumulative Patch" update which eliminates all known security
vulnerabilities affecting Internet Explorer, Outlook and Outlook Express
as well as five newly discovered vulnerabilities. Install now to protect
your computer from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your system. This update
includes the functionality of all previously released patches.
System requirements: Win 9x/Me/2000/NT/XP
This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest
opportunity.
How to install: Run attached file. Click Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be
found on the Microsoft Technical Support web site. For security-related
information about Microsoft products, please visit the Microsoft
Security Advisor web site, or Contact us.
Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
With friendly greetings,
Microsoft Internet Technical Services
©2003 Microsoft Corporation. All rights reserved. The names of the actual
companies and products mentioned herein may be the trademarks of their
respective owners.
Important: the above is not a genuine Microsoft message and should
not be acted upon. Microsoft is emphatic that it never
sends out patches as e-mail attachments. Unfortunately, the bogus
message is such a good imitation (except for the weird "mailto"
address in the From line) that many end users would run the attached
executable file without a second thought.
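
The two giveaways named above, a From address that does not belong to Microsoft and an executable attachment, can be checked mechanically at a mail gateway. The Python sketch below is an added example, not part of the original newsletter; the MIME layout, Subject line, recipient address, attachment bytes, and the BRAND_DOMAINS and EXEC_EXTS lists are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From line and attachment name come from the message
# reproduced above; Subject, MIME layout and attachment bytes are placeholders.
SAMPLE = """\
From: Microsoft Internet Technical Services <sdjsibp887470@WRrTUXG.net>
To: MS Customer <customer@example.com>
Subject: Security update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Run attached file. Click Yes on displayed dialog box.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Q178830.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--BOUND--
"""

BRAND = "microsoft"
BRAND_DOMAINS = ("microsoft.com",)   # assumption: domains accepted for the brand
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def findings(raw):
    """Return a list of reasons the raw RFC 822 message looks like a fake patch mail."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    out = []
    # Display name uses the brand, but the address is in an unrelated domain.
    if BRAND in name.lower() and not trusted:
        out.append(f"display name claims {BRAND!r} but sender domain is {domain!r}")
    # Any MIME part whose filename ends in an executable extension.
    for part in msg.walk():
        fn = part.get_filename()
        if fn and fn.lower().endswith(EXEC_EXTS):
            out.append(f"executable attachment {fn!r}")
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

A From domain that does match proves nothing by itself, because the sender chooses that header; the check only surfaces the mismatch the article points out.
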
To send me more information about any of this, or to send me a tip on any
other subject, visit WindowsSecrets.com/contact.
I'm sending reader David S. Calef a certificate good for a book, CD, or
DVD of his choice for his help on this subject.
RECOMMENDED READING - a few page views to boost your knowledge
Mastering Windows Server 2003: all the new stuff in 1,616 pages
Mark Minasi is a noted leader of high-tech training seminars,
and he's added to his repertoire with his new book, Mastering Windows
Server 2003. You may not be planning to purchase Server 2K3, but
you probably need to at least be able to converse intelligently about
features such as Volume Shadow Copy (which takes snapshots of file
changes) and Forest Trust (which permits users to access resources across
servers). This is a brick of a book, but that can be good when you need to
look up some factoid that's suddenly become important.
IIS 6 Administration: Redmond's still a player in the Web server game
One of the strengths of Windows Server 2003 is its inclusion of an
improved version of Microsoft's own Web server software, Internet
Information Server 6. We all hear how many more Apache servers there are
than IIS, according to the oft-mentioned Netcraft surveys.
But, as I noted in an InfoWorld column on Jan. 20, a recent survey of
Fortune 1000 companies found that the majority use IIS, not Apache, for
their Web sites. IIS 6 Administration provides an overview of Web server
setup, security, and more for anyone who may be called upon to make this
stuff actually work.
WINDOWS GIZMOS - the best new stuff
The first 160-hour personal video recorder
Someone's finally put today's big hard drives to use in a big way.
The ReplayTV RTV5160 is the first PVR that
can store 160 hours of video, far more than its competitor, TiVo.
Both makers let you record and fast-forward through your favorite
TV shows - and even pause live ones - but Replay's famed Commercial
Advance is a killer feature that skips ads automatically. The
manufacturer, SonicBlue, has had financial woes but was recently purchased
by the parent of Denon and Marantz, so it should be fine. A few individual
dealers are starting to offer factory-new units. (And with a street price
starting only about $50 above the 80-hour model, the bigger capacity is
a no-brainer.)
It's 2003's top-selling game and it's not even released yet
"Enter The Matrix" is setting sales records even though neither it nor the
movie The Matrix Reloaded will actually go public 'til next week.
I'm not really a fan, since I've only seen the original film three times.
But the buildup is starting to excite even my infidel heart. The game,
which requires Windows 98/Me/2000/XP, is based on a script by the
Wachowski brothers and is said to include an hour of their film footage.
Well, which will it be: the blue pill or the red pill...
FORWARDING INSTRUCTIONS - news gains value when it's shared
Please share this information with your colleagues
You're encouraged to refer your friends and colleagues to this free
newsletter. Because most e-mail programs don't correctly display a
formatted message that's been forwarded, simply call people's attention to
the permanent Web address of this issue: BriansBuzz.com/w/030508.
HERE'S A TIP - you'll get a better newsletter if you choose the paid version
You're reading the free version of Brian's Buzz on Windows
Subscribers to the paid version are receiving additional information this
week that includes the following topics:
- Free software. A favorite utility gains
power in a new, XP-compatible version.
- Better dialogs. Another program, nominated by a reader,
improves File Open and Save.
- Microsoft bulletins. Changes are needed to use Internet and
intranet sites in IE under Windows Server 2003.
In addition, at least once per calendar quarter, I acquire the rights
to worthwhile stuff and allow the paid subscribers to download it for free.
If you make a contribution before May 21, 2003,
you'll be sent the full, paid version of this week's newsletter.
If you find just one tip this year that saves you time and money,
wouldn't that be worth a few bucks?
To upgrade to the paid version, please visit
WindowsSecrets.com/upgrade.
Thanks in advance. --Brian Livingston
THE WEIRD WIDE WEB - playing for you the Internet's greatest bits
The Eater of Meaning can make your Web site 100% funnier
Now here's a Web service that proves the adage, "Content is King!"
The Eater of Meaning works on practically any Web site, and the results
are almost certain to be an improvement.
The program, developed by Leonard Richardson of Crummy.com, uses a variety
of filters to rewrite the words of any site you specify. I tried it by
typing in the home page of my friends at News.com. Their boring old
headline, "Microsoft, Best Buy accused of scam" was turned into the much
more entertaining "Microport, Besotter Buy accounting of scampers."
Point this thing at your company's home page and watch your CEO
burst into laughter! Visit the Eater of Meaning.
CLOSING REMARKS - the best is yet to come
If you're not reading this, here's why
I've become very concerned about the number of e-mail "junk filters"
set up by mail server administrators who are
just guessing about which messages should be kept from recipients.
More than 1.35% of the copies of Brian's Buzz on Windows sent out on April
24 were "bounced" by a mail server - and that's only counting
the servers that bothered to return an error code when they trashed the
issue.
Examining my logs, I see that some subscribers didn't receive their
issues for reasons such as, "Banned word found in subject line." Since
the banned word could have been the "free" in [Newsletter Free Version],
I've changed this to [Newsletter Comp Version] in today's subject line.
I apologize if this messes up any personal filters you'd created to sort
your mail.
I've started a policy of personally e-mailing every paid subscriber
the first time his or her newsletter is undelivered for such a reason. But
with more than 33,000 free recipients, it's simply impossible for me to
personally investigate every bounce. I urge you to check now to ensure
that a faulty junk-mail filter won't be put in place without your
knowledge.
Thanks. --Brian Livingston