CompUCast Show Notes for Episode #3

Horizontal Line

IAS CompUCast #3

Hello and Welcome to CompUCast, Internet AdCom Services’ official Podcast.

As an added benefit to our clients and for the Tech community as a whole, I will be posting periodically these Podcasts covering the hot trends in the Consumer and Technology communities, as well as covering some important How-To information about the various computer systems available.

For CompUCast, This is Todd Eglow!

I wanted to get this Podcast out to my clients and computer community as soon as possible, as there appears to be a new threat on the Internet for Internet Explorer users

And as always, to set up an appointment for an in-house consultation, please send an email to ias@interadcom.com or call us at 646-808-0764.  

Update - October 7, 2006: Microsoft Update is now running the VGX patch.  Make sure that you run Microsoft Update on a regular basis to ensure that you have the most recent updates.  Click Here for a full explanation.

If you unregistered the VGX.dll, you will need to re-register by following the instructions at the following link - http://www.grc.com/sn/notes-058.htm

Hot News

In this special security edition of Internet AdCom Services CompUCast, we look at a Security alert that has arisen in mid-September and poses a threat when using Microsoft's Internet Explorer.

The full explanation of the threat can be found in our Show Notes, via a Microsoft Security Advisory, published on September 19th - http://www.microsoft.com/technet/security/advisory/925568.mspx

The flaw in IE occurs due to the fact that Windows uses some scripting language referred to as VML - Vector Markup Language.

In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.

As always, it is imperative that you DO NOT open any attachment from either an unknown source, or even an attachment from a know source, but not expected.

There has been some talk that the exploit could also occur by keeping the Outlook Reading Pane active.

Luckily, even though Microsoft probably won't release a patch until October, there is a work-around fix.

Surf to our Show Notes for instructions and a link to a full explanation.

http://www.grc.com/sn/notes-058.htm

The fix will turn un-register the Windows file that is connected to the vulnerability in the VML language.  While this fix may turn off some web sites that utilize the VML scripting, it is better to be safer than sorry.

When Microsoft releases their next series of patches to fix this vulnerability, it will probably be safe to re-connect the DLL file that is being turned off by the patch.

Also, as many of you have heard from me.... at this point, it is probably safer to switch over to Mozilla's FireFox Web Browser.

Closing

That’s it for CompUCast Episode #1.  If you have any questions, please surf to our Web Site, located at www.InterAdCom.com and click on the Email link.  We have also set up an RSS feed for these Podcasts.  Simply surf to our Web Site and copy and paste this RSS Address into a client software application such as iTunes to receive these podcasts automatically in the future.  If you need assistance in setting this up, please call.

We can be reached via Skype by typing in “interadcom”, all in small letters.

We also have a new NYC Phone number – 646-808-0764