Bugs and Fixes: Cracks in Microsoft Software
Contrib. Ed.
Stuart J. Johnston
Microsoft has released patches that block critical vulnerabilities in Internet Explorer 6, Windows 2000 through XP Service Pack 1, Word 2000 through 2003, Works Suite 2001 through 2004, and MSN Messenger 6.2. Worst case, these holes could allow a perpetrator to control your PC.
In Internet Explorer, for example, if you click a booby-trapped link on an attacker's site, one of the browser's flaws could let a bad guy send you a rigged Dynamic HTML object such as an animation with synchronized music. The object would deliberately overload IE, causing the audio and animation to get out of sync inside the browser, at which point an attack program would load from the remote site.
Another IE hole involves the way the browser processes some Web addresses. If you click a corrupt link on a cracker's site or in an HTML-format e-mail, the attacker could flood the browser's address buffer (a chunk of computer memory reserved for storing Web addresses) and cause IE to crash. The miscreant could then send a program to take over your PC. To avoid these troubles, download the cumulative IE update, which has fixes for the newly discovered flaws as well as all previous patches for versions 5.01 through 6:
http://www.microsoft.com/technet/sec.../MS05-020.mspx
Even if you have installed Service Pack 2 for XP, you still need to patch IE.
Read "Microsoft Discloses Five Critical Security Holes" for more on IE's woes:
http://www.pcworld.com/news/article/...,tk,srx,00.asp
Microsoft has also fixed a problem in the way Windows 2000 through XP SP1 handle network messages that use the Internet Protocol, the part of the Net that keeps track of e-mail routing and Web addresses. An attacker could send you a rogue IP message to crash your PC or, worse, gain control of your machine. You could be attacked without doing anything; however, most hardware routers on the Internet will not forward malformed IP messages. To be extra safe, download the patch:
http://www.microsoft.com/technet/sec.../MS05-019.mspx
Remember the old advice never to open an e-mail attachment from a questionable source? Microsoft has fixed two holes in the way Word 2000 through 2003 and Works Suite 2001 through 2004 handle opened attachments. A crafty cracker might send you a poisoned file that, if you open it, permits a remote takeover of your computer. So download the patch:
http://www.microsoft.com/technet/sec.../MS05-023.mspx
Finally, Microsoft has corrected a problem in the way MSN Messenger 6.2 handles certain graphics types such as emoticons and pictures created in the .gif file format. To be affected, you'd have to add the perpetrator to your contacts list. But if you were tricked into doing so, the offender could send you an improperly sized .gif image that would cause MSN Messenger to crash. In the ensuing chaos, the bad guy could send a program to control your PC. If you use version 6.2 of MSN Messenger, upgrade to version 7 or download this patch:
http://www.microsoft.com/technet/sec.../MS05-022.mspx
Reading this newsletter is well and good, but you need to keep yourself up-to-date. Be sure to visit PC World's Spyware and Security Info Center for the latest news and how-tos between issues:
http://www.pcworld.com/resource/info...,tk,srx,00.asp
In Brief: WMP 9 Fix--Finally
Back in April, I warned you about potential adware and hack attacks in Windows Media Player 9. Microsoft has plugged the hole and now offers the fix on its site:
http://support.microsoft.com/kb/892313
For background, read "Microsoft to Boost Media Player Security":
http://www.pcworld.com/news/article/...,tk,srx,00.asp
Fix Annoying Problems in Office 2003
When you open a Microsoft Office 2003 document from a Web location, online folder, or Internet security zone, you may see a red X (signifying a broken link) instead of the intended graphic. This happens when the folder where Office 2003 tried to cache the image doesn't exist or when the user doesn't have the necessary security privileges to allow Office to cache the image at all. If this happens to you, download the fix:
http://support.microsoft.com/kb/897693
Another Office 2003 issue: The software may stop responding when you try to check a document's Spanish spelling and grammar in apps such as Word, Excel, Outlook, and PowerPoint. Unfortunately, the workaround is to reinstall the entire Office 2003 suite.
Bugged?
Found a hardware or software bug? Write to Stuart Johnston:
bugs@pcworld.com
Read Stuart J. Johnston's regularly published "Bugs and Fixes" columns:
http://www.pcworld.com/resource/colu...2,tk,sr,00.asp
email from PC World