Security Update --------------- Gaping Security Hole In IE/Outlook And Office By Peter Deegan If you have Office installed, and you use Internet Explorer to view an infected Web page, that page-without your knowledge, or any action on your part-can wreak havoc on your system. It can drop a virus, delete a folder, scramble data, send your tax files to Timbuktu... anything. Similarly, if you use Outlook 98 or later to view an infected HTML message, that message-with no action on your part-can do anything to your system. Anti-virus legend Dr. Vesselin Bontchev confirmed [this] report by showing me an HTML file that exploits the security hole. It's... scary. It's way too easy to exploit, unlike some more obscure security problems you don't have to be a 'rocket scientist' to spread trouble. For that reason, WOW has decided to be quick about warning our readers to get the protective patch before examples of this spread 'in the wild.' At Microsoft, a team has been working day and night for the last few days to find a fix. Microsoft will be posting that fix in the next few hours. Let me make this really clear. Every single Office user who also uses Internet Explorer or Outlook 98 or later, MUST INSTALL THIS PATCH. It's only a matter of time before some %$#@! cretin figures out how to exploit this hole. You-and everyone you know-needs protection NOW. There's actually TWO security patches out today. We're particularly concerned with the Word 97 Template patch, but you should get the Forms 2.0 patch as well. More info on both problems below. Word 97 Template Security Patch: http://www.microsoft.com/security/bulletins/ms99-002.asp Microsoft Security Bulletin http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm Office Update Download Page Forms 2.0 Security Patch:<br> http://officeupdate.microsoft.com/downloaddetails/fm2paste.htm Office Update Download Page http://www.microsoft.com/security/bulletins/ms99-001.asp Microsoft Security Bulletin Please. Take a few seconds to forward this article to everyone you know who doesn't subscribe to WOW. Urge them in no uncertain terms to get the patches, and apply them immediately. All I ask is that you keep this article intact-don't change it-and that you send it in its entirety. If there are any updates, we'll post them to href="http://www.wopr.com/ immediately. And thanks to WOWser DavidF. Excellent work, my man. Raśl Cantero Business e-mail: [log in to unmask] Personal e-mail: [log in to unmask] or [log in to unmask] ################################################################ TechNet E-Mail Forum provided as a free service by IPC using LISTSERV 1.8c ################################################################ To subscribe/unsubscribe, send a message to [log in to unmask] with following text in the body: To subscribe: SUBSCRIBE TechNet <your full name> To unsubscribe: SIGNOFF TechNet ################################################################ Please visit IPC's web site (http://www.ipc.org) "On-Line Services" section for additional information. For technical support contact Hugo Scaramuzza at [log in to unmask] or 847-509-9700 ext.312 ################################################################