I'm sure where this is a forum for more advanced users there aren't many still using the default Windows browser but I thought I'd pass this info along anyway.
Last week CERT [url=http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html]recommended
[/url] using browsers other than IE and now the Department of Homeland Security is now making the same recommendation
For those that don't want to register at the Washington posthttp://www.us-cert.gov/cas/techalerts/TA04-163A.html
I believe that is a different hole and this one is newer.http://www.us-cert.gov/current/current_activity.html#iis5
It looks like CERT doesn't have a technical description available at this time. Hmm... neither does securityfocus. Ditto for microsoft.
Funny - thats what I thought I had linked to.
MS just released something:
-----BEGIN PGP SIGNED MESSAGE-----
MICROSOFT SECURITY UPDATE
July 2, 2004
SECURITY UPDATE SUMMARY
On Friday, July 2, 2004, Microsoft is releasing a configuration
Microsoft Windows(r) XP, Windows 2000, and Windows Server(tm) 2003 to
address recent malicious attacks against Microsoft Internet
To learn more about this update, review this notice on
Windows customers are encouraged to apply this configuration change
immediately to help protect against current Internet Explorer
update is available on the Windows Update Web site.
Customers who have installed Windows XP Service Pack 2 RC2 are not
at risk and do not need this configuration change.
BEWARE OF BOGUS BULLETINS
If you get e-mail that claims to contain a Microsoft software
update, it is probably a virus trying to trick you into infecting
your computer. Microsoft never widely distributes software in e-
mail. Learn how to spot a bogus bulletin:
SECURITY WEB SITE
HELP PROTECT YOUR PC FROM BAGLE, NETSKY, AND OTHER MASS MAILER WORMS
http://www.microsoft.com/security/incid ... ailer.mspx
SECURITY BULLETIN SEARCH TOOL
PROTECT YOUR PC
ABOUT THE MICROSOFT SECURITY UPDATE
The Microsoft Security Update is an e-mail alert service designed
for home users and small businesses that provides information about
Microsoft security updates and virus alerts. Microsoft also uses
this service to make subscribers aware that they might need to take
action to guard against a circulating security threat.
You have received this update because you are a subscriber. If
you would like to unsubscribe, follow the instructions at the bottom
of this page.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
-----END PGP SIGNATURE-----
To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp
You may cancel your subscription to this newsletter by doing one of the following:
* Reply to this message with the word UNSUBSCRIBE in the Subject line.
* Click mailto:1_63141_B067B2A9-3631-4FB3-8B9D-024DA1E35426_US@
Newsletters.Microsoft.com?subject=UNSUBSCRIBE to send an unsubscribe message.
THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE FOR INFORMATIONAL PURPOSES ONLY. The information type should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. The user assumes the entire risk as to the accuracy and the use of this document.
Microsoft.com newsletter e-mail may be copied and distributed under the following conditions:
* All text must be copied without modification and all pages must be included.
* All copies must contain the Microsoft copyright notice and any other notices provided therein.
* This document may not be distributed for profit.