IAS
CompUCast #3
Hello
and Welcome to CompUCast,
Internet AdCom Services’ official Podcast.
As
an added benefit to our clients and for the Tech community as a whole, I
will be posting periodically these Podcasts covering the hot trends in
the Consumer and Technology communities, as well as covering some
important How-To information about the various computer systems
available.
For
CompUCast, This is Todd Eglow!
I
wanted to get this Podcast out to my clients and computer community as
soon as possible, as there appears to be a new threat on the Internet
for Internet Explorer users
And
as always, to set up an appointment for an in-house consultation, please
send an email to ias@interadcom.com
or call us at 646-808-0764.
Update
- October 7, 2006:
Microsoft Update is now running the VGX patch. Make sure that you
run Microsoft Update on a regular basis to ensure that you have the most
recent updates. Click
Here for a full explanation.
If
you unregistered the VGX.dll, you will need to re-register by following
the instructions at the following link - http://www.grc.com/sn/notes-058.htm
Hot
News
In
this special security edition of Internet AdCom Services CompUCast, we
look at a Security alert that has arisen in mid-September and poses a
threat when using Microsoft's Internet Explorer.
The
full explanation of the threat can be found in our Show Notes, via a
Microsoft Security Advisory, published on September 19th - http://www.microsoft.com/technet/security/advisory/925568.mspx
The
flaw in IE occurs due to the fact that Windows uses some scripting
language referred to as VML - Vector Markup Language.
In
a Web-based attack scenario, an attacker could host a Web site that
contains a Web page that is used to exploit this vulnerability. In
addition, compromised Web sites and Web sites that accept or host
user-provided content or advertisements could contain specially crafted
content that could exploit this vulnerability. In all cases, however, an
attacker would have no way to force users to visit these Web sites.
Instead, an attacker would have to persuade users to visit the Web site,
typically by getting them to click a link in an e-mail message or
instant messenger message that takes users to the attacker's Web site.
As
always, it is imperative that you DO NOT open any attachment from either
an unknown source, or even an attachment from a know source, but not
expected.
There
has been some talk that the exploit could also occur by keeping the
Outlook Reading Pane active.
Luckily,
even though Microsoft probably won't release a patch until October,
there is a work-around fix.
Surf
to our Show Notes for instructions and a link to a full explanation.
http://www.grc.com/sn/notes-058.htm
The
fix will turn un-register the Windows file that is connected to the
vulnerability in the VML language. While
this fix may turn off some web sites that utilize the VML scripting, it
is better to be safer than sorry.
When
Microsoft releases their next series of patches to fix this
vulnerability, it will probably be safe to re-connect the DLL file that
is being turned off by the patch.
Also,
as many of you have heard from me.... at this point, it is probably
safer to switch over to Mozilla's FireFox Web Browser.
Closing
That’s
it for CompUCast Episode #1. If
you have any questions, please surf to our Web Site, located at www.InterAdCom.com
and click on the Email link. We
have also set up an RSS feed for these Podcasts.
Simply surf to our Web Site and copy and paste this RSS Address
into a client software application such as iTunes to receive these
podcasts automatically in the future.
If you need assistance in setting this up, please call.
We
can be reached via Skype by typing in “interadcom”, all in small letters.
We
also have a new NYC Phone number – 646-808-0764
|