Microsoft: July 2004 Archives
Microsoft has released an update to the security tool that removes excess information from Office documents. Information on that is available here.
Information leakage from Office documents can be embarrassing. Information that was part of a collaborative document development effort and not meant for public consumption can be leaked if no effort is made to remove it. To be on the safe side, save to RTF or PDF when posting documents to a customer. Within a company Word is quite necessary, but I'd recommend using this tool on anything of great importance. It would be very bad to give an electronic copy of a performance review to an employee and have it contain a prior revision with a snide comment between reviewers.
The following is from the RSS feed for Microsoft Security Bulletins:
MS04-018: Cumulative Security Update for Outlook Express (823353)
MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526)
MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872)
MS04-021: Security Update for IIS 4.0 (841373)
MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873)
MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315)
MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
News.com is reporting that the long-anticipated Service Pack 2 for Windows XP will be released to manufacturers in August.
The service pack contains new security features that system administrators await with a mix of hope and dread. Hope that systems will be more secure by default and less likely to act as virus spreaders. Dread because of fears that legacy products won't work well with the changes.
Microsoft today released a configuration change that addresses the recent malicious attack against IE known as Download.Ject.
This configuration change disables an ActiveX control known as adodb.stream. Disallowing this functionality prevents an attacker from placing malicious code on a PC hard drive and will prevent the Download.Ject attack. It can be downloaded from www.microsoft.com/downloads/details.aspx?FamilyId=4D056748-C538-46F6-B7C8-2FBFD0D237E3&displaylang=en
In addition, KB article 870669 provides information on implementing this change manually: http://support.microsoft.com/default.aspx?kbid=870669.
This change has the potential to affect legitimate applications that use ADODB.Stream functionality. The KB article does show how to roll back the change if you find that it affects your corporate applications.
For more information on the Download.Ject attack: http://www.microsoft.com/downloadject.
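One way to confirm that the change is in place, or has been rolled back, on a given machine. This is an added example, not code from the original post or from Microsoft's KB article. It assumes the change is implemented as the standard Internet Explorer kill bit (bit 0x400 of the `Compatibility Flags` value under the `ActiveX Compatibility` key) and audits a `reg export` of that key. The sample export is constructed and its CLSIDs are placeholders; take the real ADODB.Stream CLSID from KB 870669.

```python
import re

# Standard IE "kill bit": bit 0x400 of the Compatibility Flags value stored
# under ...\Internet Explorer\ActiveX Compatibility\{CLSID}.
KILL_BIT = 0x400
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample of `reg export` output; the CLSIDs are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400
'''

def parse_compat_flags(export_text):
    """Return {CLSID (upper case, with braces): Compatibility Flags as int}."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only direct children of the ActiveX Compatibility key count;
            # "[-KEY]" deletion entries and unrelated keys reset the context.
            parent, _, leaf = line[1:-1].rpartition("\\")
            current = leaf.upper() if parent.upper() == COMPAT_KEY.upper() else None
        elif current:
            m = re.match(r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def kill_bit_state(export_text, clsid):
    """Return 'set', 'not set', or 'missing' for one control's kill bit."""
    value = parse_compat_flags(export_text).get(clsid.upper())
    if value is None:
        return "missing"
    # Other flag bits may be present; only 0x400 blocks the control in IE.
    return "set" if value & KILL_BIT else "not set"
```

A result of "not set" or "missing" means Internet Explorer is not blocking that control on the machine the export came from.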



