links to InfoWorld: .
“We don’t have significant reports of Web sites compromised or of
people sending us examples of the new Trojans,” he said. “I’d rate this
a low risk if you’re patched and a medium risk if you’re not.” Still,
other security companies reported widespread infections.
Three flaws were exploited together. The IIS 5.0 servers had an SSL flaw
(patched in MS04-011) that allowed them to be infected. The Windows PCs
had two flaws: an MHTML handling problem in Outlook Express and IE
(also patched, in MS04-013) and a cross-site scripting exploit
identified last week that remains unpatched.
If you must use IE (for example, I can’t get to the Microsoft KnowledgeBase without it), make sure to do the following:
- Set your IE security level to high (Tools, Options, Security:
Select ‘High’ from the drop-down and then ‘Reset’ – you’ll want to note
your previous settings and record them somewhere in case you’re having
problems browsing), and
- Make sure your virus scanner is up to date. Even though I had
upgraded to NAV 2004 on Friday and updated to the most recent files
then, I downloaded two updates this morning (Sunday) with 1.2Mb+ of new
stuff in them.