Security alert

[piaqt]

from http://www.microsoft.com/technet/treeview/...in/MS02-027.asp

Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)

Originally posted: June 11, 2002

Summary

Who should read this bulletin: Customers using Microsoft® Internet Explorer; System administrators running Microsoft Internet Security and Acceleration (ISA) Server 2000 or Microsoft Proxy Server 2.0.

Impact of vulnerability: Run Code of Attacker's Choice.

Maximum Severity Rating: Critical

Recommendation: Customers should implement the workaround detailed in the FAQ.

Affected Software:

Microsoft Internet Explorer

Microsoft Proxy Server 2.0

Microsoft ISA Server 2000

Implement the work-around manually by following the steps listed below:

Open Internet Explorer "Tools" and select "Internet Options"

Click on the "Connections" Tab

Click on the "LAN Settings..." button

Uncheck “automatically detect settings”

If "automatic configuration script" is set, check with your administrator if gopher server is called out.

Check the "Use proxy server for your LAN..." Checkbox

Click on the "Advanced..." button

Ensure “use the same proxy server for all protocols” is unchecked.

In the "Proxy addresses to use" textbox next to the word Gopher, Type "LocalHost"

In the "Port" textbox next to the Gopher protocol, Type "1"

Click 'OK' until the Internet Options Menu disappears.

[Flash]

Yeah, they have released a patch for it now. I recieved it by Windows Update and XP started the donwload for me, it is now installed