Microsoft Security Advisory (912945) – Non-Security Update for Internet Explorer

Microsoft is releasing a non-security update for Internet Explorer on February 28, 2006.


For more information about this update, see Microsoft Knowledge Base Article 912945. This update is separate from the security update released on February 14, 2006 as part of Microsoft Security Bulletin MS06-004.


Microsoft Knowledge Base Article 912945 and the accompanying non-security update target the following software:


  • Internet Explorer for Microsoft Windows XP Service Pack 2
  • Internet Explorer for Microsoft Windows Server 2003 Service Pack 1

Microsoft Security Bulletin MS06-004 and the accompanying security update released on February 14, 2006 targeted the following software:


  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4

http://www.microsoft.com/technet/security/advisory/912945.mspx

Internet Explorer Iframe Folder Deletion Weakness

cyber flash has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into deleting local folders.

The problem is that network shares can be included in an iframe where only certain parts of the content are visible to the user. This can e.g. be exploited to trick users into deleting local folders via an iframe referencing “\\127.0.0.1\c$”.

Successful exploitation requires that the user selects a folder icon, presses the delete key, and accepts a “Folder Delete” dialog.

The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

Solution:  Do not accept suspicious “Folder Delete” dialogs when visiting untrusted web sites.


http://secunia.com/advisories/19057/
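
A defensive check for the pattern described above, as an added example that is not part of the Secunia advisory or the original post: it parses a page and flags frame elements whose source is a UNC share or a `file:` URL, which a web page from an untrusted site has no reason to embed. The function names, the sample markup and the `fileserver` and `example.com` hosts are constructed for illustration; only the 127.0.0.1 share comes from the advisory.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FRAME_TAGS = {"iframe", "frame"}

def classify_src(src):
    """Return why a frame source is local/share content, or None if it is not."""
    s = src.strip()
    if s.startswith("\\\\"):          # \\host\share (UNC), as in the advisory
        return "UNC path"
    try:
        scheme = urlsplit(s).scheme.lower()
    except ValueError:                # malformed URL: not classifiable here
        return None
    return "file: URL" if scheme == "file" else None

class FrameAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []            # (line, tag, src, reason) tuples

    def handle_starttag(self, tag, attrs):
        # The parser lower-cases tag and attribute names and decodes character
        # references in values, so &#92;&#92;host is seen here as \\host.
        if tag not in FRAME_TAGS:
            return
        src = dict(attrs).get("src") or ""
        reason = classify_src(src)
        if reason:
            self.findings.append((self.getpos()[0], tag, src.strip(), reason))

def audit_frames(html_text):
    parser = FrameAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample page; only the 127.0.0.1 share comes from the advisory.
SAMPLE = r'''<html><body>
<iframe src="http://example.com/banner.html"></iframe>
<iframe src="\\127.0.0.1\c$"></iframe>
<IFRAME SRC="file://127.0.0.1/c$"></IFRAME>
<iframe src="&#92;&#92;fileserver&#92;public"></iframe>
<iframe src="//cdn.example.com/widget.html"></iframe>
</body></html>'''

if __name__ == "__main__":
    for finding in audit_frames(SAMPLE):
        print(finding)
```

Ordinary and protocol-relative web URLs are left alone; parsing the markup rather than pattern-matching the raw text is what catches the entity-encoded share path.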

StartGuard Software released StartGuard 2.0 (antispyware)

Found the above-mentioned topic title at http://www.prleap.com/pr/27839/ that says:


“This month StartGuard Software, http://www.startguard.net, announces the release of StartGuard 2.0, a freeware tool designed to halt spyware before it has a chance to load itself onto a user’s PC. StartGuard uses an entirely different method of detecting spyware from most anti-spyware tools. Instead of cross-checking every installed program with a database of spyware definitions, StartGuard scans every possible entry point spyware uses to infect a system and alerts the user when possible threats are found. The user may then approve, deny, or remove the program. One might think of StartGuard as a “program firewall”.”


Website of the software publisher is at http://www.startguard.net/


Hhhmm new antispyware program again. Let’s see if there’s any feedback on this. It’s not listed in Eric L. Howes, Rogue/Suspect Anti-Spyware Products & Web Sites at the time of this posting.

Spyware test confusion

Several security vendors are collaborating to set standards that will identify and eliminate spyware while making it easier for businesses to compare anti-spyware vendors’ products.


McAfee, Symantec, Trend Micro, ICSA Labs and Thompson Cyber Security Labs have joined forces to provide product tests based on standard third-party evaluation criteria, using common samples for detecting and testing.


According to security experts, spyware and other unwanted technologies are among the fastest growing risks to consumers and companies, increasing at up to 100 per cent year over year.


As a result of the new collaboration, the security vendors, who claim few product testers document their test samples or methods, and use small sample sets, say they intend to eliminate this confusion.


AustralianIT

Security Awareness (from students' point of view)

Last fall, the EDUCAUSE/Internet2 Computer and Network Security Task Force and the National Cyber Security Alliance had a video contest for students to come up with creative ways to raise awareness about security issues and recently announced the winners. Their press release is located at http://www.educause.edu/PressReleases/1175&ID=1280 and the winners’ videos are located at http://www.educause.edu/SecurityVideoContest/7103. It is very interesting to see security through the eyes of the younger generation.


http://isc.sans.org/diary.php?storyid=1151

Free Microsoft Office Small Business Management Edition

There’s a FREE four-day online event at Microsoft. Anyone in the U.S. who attends three or more live webcasts during the Small Business Summit, and completes and submits the brief evaluation for each webcast, will receive Microsoft Office Small Business Management Edition software FREE — a $669 value! While supplies last. Offer available in the U.S. only.


The Microsoft Office Small Business Management Edition software includes Small Business Accounting 2006, Outlook with Business Contact Manager Update, Word, Excel, PowerPoint, Access and Publisher.


More info at http://www.microsoft.com/smallbusiness/small-business-summit/hub.mspx

MARA report: Virus can pass from PCs to mobile devices

A security association is reporting what it says is the first virus that can pass from a PC to a mobile device and then erase files.


The proof-of-concept virus is not yet threatening users. It was sent to the Mobile Antivirus Researchers Association (MARA). The organisation said the virus came with a text file that read, in part: “This is proof-of-concept code for educational purposes only. This virus closes the gap between handhelds and desktops, now it’s one big world open to all.”


TechWorld