Network News

X My Profile
View More Activity

Two Security Updates From Microsoft Next Week

Microsoft said today it plans to issue two software updates next week to patch a couple of security holes in its Windows operating system and its Office productivity suite.

The patches, which will be released sometime Tuesday afternoon, include an "important" fix for Windows and a "critical" update for Office. Microsoft rates a security flaw as "critical" if it could be exploited by a computer worm that spreads to unpatched and "un-firewalled" PCs without any action on the part of the victim.

Vulnerabilities that earn "important" ratings from Redmond are only slightly less dangerous, and include those "whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources."

As always, Security Fix will have the lowdown on these patches once Microsoft issues them next Tuesday.

By Brian Krebs  |  March 9, 2006; 5:32 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Shadowboxing With a Bot Herder
Next: McAfee Update Flags Hundreds of Innocuous Programs

Comments

Krebs,

I hope you read your own comments because the link for submitting a question -- http://discuss.washingtonpost.com/wp-srv/zforum/content/submit_krebs.htm -- on the wp.com tech page and on your page on wp.com is dead.

I went into the office late last night to pick something up and noticed that my daily virus scan had picked up the W95/CTX virus in 31!!! files (that could not be repaired). Then I looked through the files list and was alarmed to see that many of them were system files. I didn't want to quarantine them and risk the stability of my computer without further research, so I left it as it was until this AM. (I was especially alarmed because this would have been the only the second virus to strike our office in my 10 years on the job and it seemed to strike swiftly and with potentially severe impact.)

Today I went searching for more information, I found this gem from McAfee:
http://vil.nai.com/vil/content/v_138884.htm
The relevant part is that as of 3/10/06, "The following files are known to trigger the incorrect identification..." The files include such gems as the Windows userid.exe, the Adobe update manager, the Google toolbar installer, and Excel - as in excel.exe, which pretty much every office user will have on their PC.

The site says the new new DAT (I guess that would be the second update of the day) file fixes the misidentification, but this is a massive screwup and I haven't seen any stories on it thus far. Imagine how many people know very little about their computer but have been trained that if the virus detection software alerts them to a problem, they need to quarantine or delete the infected files without question.

Hope you get this info out to the masses and quick.

Tex Duncan

Posted by: texd | March 11, 2006 11:29 AM | Report abuse

What is www2. ? Many sites starting their url with www2. are inacessible from internet explorer, but not all. This is the first time I have noticed this issue.

Posted by: Roger Smith | March 11, 2006 11:48 AM | Report abuse

The only reason why a site starting with www2 would be inaccessible to any browser would be that www2 does not resolve to an actual IP.

There is no limitation in IE or any other browser on URLs that start with www2.

Posted by: Matt | March 11, 2006 12:16 PM | Report abuse

Try the Post's connection to some of the uclick cartoons. None of the cartoons with www2 in the url can be resolved. The same is true for several other urls linked to from other major news media outlets. It seems that this is a problem today - it wasn't yesterday, or early this morning.

Posted by: Roger Smith | March 11, 2006 12:25 PM | Report abuse

Again, that's either a DNS problem, or a problem on uclick's side. But www2.uclick.com resolves just fine at the moment. Notice both www and www2 point to the same thing.

You could call the server whatever you want. www is just a quasi-standard. As long as you have a resolvable name, it will work in every browser.

nslookup www.uclick.com

Non-authoritative answer:
Name: uclick.com
Address: 63.208.55.178
Aliases: www.uclick.com

nslookup www2.uclick.com

Non-authoritative answer:
Name: uclick.com
Address: 63.208.55.178
Aliases: www2.uclick.com

Posted by: Matt | March 12, 2006 12:34 PM | Report abuse

h

Posted by: h | March 12, 2006 3:34 PM | Report abuse

j

Posted by: Anonymous | March 12, 2006 3:47 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company