Security

Watch out: Internet Explorer cookies can crumble

Microsoft has announced an IE vulnerability that could expose all the personal information in a user's cookies. Also this week, Novell released two new patches, and Trend Micro upgraded the TROJ_KLEZ.C virus to medium risk.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-055)
Regarding: Internet Explorer
Date posted: Nov. 8, 2001
Patch URL: No patch is available at this time.
Information URL: Click here for more information.

Microsoft gives this vulnerability a severity rating of "High." A properly crafted URL could allow a site to gain access to all of a user's cookies and possibly change their values. It is possible that personal information could be exposed. Until a patch is available, Microsoft recommends that users disable active scripting.

Novell issues
Regarding: DeFrame/OnDemand
Date posted: Nov. 8, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch, which has been tested only with OnDemand 1.5 and replaces ODEMANDA.EXE, addresses two issues. The first is a failure to launch when particular conditions are met, including a blank preferred server field in the NDS application object. The second is the selection of the "preferred server" configuration in certain circumstances.

Regarding: IP & TCP/IP, UNIX connectivity
Date posted: Nov. 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

In the past, if NETDB found a nameserver entry without a space character, the server would abend. With this patch, the entry will be ignored by the server.

Virus updates from Trend Micro
Virus/Worm: PE_FINALDO.B
Posted: Nov. 8, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_KLEZ.C
Posted: Nov. 12, 2001
Risk: Medium
Information URL: Click here for more information on this virus.

Stay current on virus information
Have you been keeping up with the latest virus information and patches from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-055)
Regarding: Internet Explorer
Date posted: Nov. 8, 2001
Patch URL: No patch is available at this time.
Information URL: Click here for more information.

Microsoft gives this vulnerability a severity rating of "High." A properly crafted URL could allow a site to gain access to all of a user's cookies and possibly change their values. It is possible that personal information could be exposed. Until a patch is available, Microsoft recommends that users disable active scripting.

Novell issues
Regarding: DeFrame/OnDemand
Date posted: Nov. 8, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch, which has been tested only with OnDemand 1.5 and replaces ODEMANDA.EXE, addresses two issues. The first is a failure to launch when particular conditions are met, including a blank preferred server field in the NDS application object. The second is the selection of the "preferred server" configuration in certain circumstances.

Regarding: IP & TCP/IP, UNIX connectivity
Date posted: Nov. 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

In the past, if NETDB found a nameserver entry without a space character, the server would abend. With this patch, the entry will be ignored by the server.

Virus updates from Trend Micro
Virus/Worm: PE_FINALDO.B
Posted: Nov. 8, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_KLEZ.C
Posted: Nov. 12, 2001
Risk: Medium
Information URL: Click here for more information on this virus.

Stay current on virus information
Have you been keeping up with the latest virus information and patches from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks