Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Microsoft Patches Its Own Security Patch
Software giant replaces last month's fix for its chat software, and moves to repair a browser hole.
Sam Costello, IDG News Service
Microsoft released two security bulletins late Tuesday, the first updating a patch the company released for a handful of its chat software clients in May and the second detailing a work-around to a flaw in its Internet Explorer Web browser that comes as a result of the aging Gopher protocol.
The vulnerability in MSN Chat, MSN Messenger, and Exchange Instant Messenger addressed by the patch released on May 8 could have allowed an attacker to run code on target machines via a buffer overflow in ActiveX.
The original patch did not, however, stop the affected ActiveX component from being reinstalled on systems in all cases, leaving the potential for patched systems to become vulnerable again, Microsoft says. To address this, the company released a new set of fixes on Tuesday for all three affected products.
Buffer overflows occur when the space reserved for programs or services in memory is overrun, allowing attackers to run code or take over systems.
The new security alert, patches and updated versions of the programs can be found on Microsoft's Web site.
This most recent patch update is not the first time in recent months that Microsoft has needed to fix a security fix. In May, the company released a patch for Internet Explorer that, security researchers charged, did not close all the holes it claimed to.
Microsoft encountered a similar problem in February, when another patch for IE caused the browser to crash.
Potential Problems
The Redmond, Washington, software company Tuesday also released a security bulletin detailing a way for users to protect themselves from attack using the Gopher protocol. Microsoft has not yet released a patch to fix the issue.
The Gopher vulnerability potentially gives a remote user access to a host computer, by exploiting a buffer overflow bug in IE's gopher code.
The company's warning about the Gopher vulnerability marks Microsoft's official acknowledgement of the bug. When Online Solutions, the Finnish company that discovered the flaw, released its advisory, Microsoft said only that it was investigating the issue and did not confirm it.
Microsoft's work-around for the issue is the same as that provided by Online Solutions: that users should select Internet options from within IE's Tools menu, then click Connections and select "LAN settings." From there, users should check "Use proxy server for your LAN," click the "Advanced..." button; type "localhost" into the textbox next to the word "Gopher" and put "1" in the port field.
Save on Printing Costs
Full Windows 7 coverage
Dell End of Year Deals
-
Ring in the New Year with Huge Deals on Dell Computers Up to 30% Popular Dell Laptops, up to 25% off Popular Dell Desktops. Sales ends 12/31 5AM EST.
People who read this also read:
Best Prices on Antivirus Software
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.90
Anti-virus 2010 (OEM Product, 1 User)Price: $20.99
AntiVirus Plus 2010 - 3 Users (Full Product)Price: $11.95
Norton AntiVirus 2009 (Full Product)Price: $16.89
AntiVirus 2010 (Full Product)Price: $24.95
Norton Antivirus 2010 (Full Product, 3 Users)Price: $38.50
-
Perfect Printing Solutions Find just the right All-in-One Printer for you from HP. Visit the HP Resource Center.
-
Acer Laptop Center Forget the Mouse...check out the next generation multi-gesture touch screen technology from Acer.
-
Dell Shopping Center Check out great deals from Dell!
