X-posted to OE General, OE6, Security & Security.Homeusers NGs.
Followup-to: WinXP General

Kerry Brown wrote:
> > X-post to Security, Security.Homeusers, IE6 & WinXP General
> > newsgroups. Followup set to microsoft.public.security.
> >
> > Microsoft Security Advisory (912840): Vulnerability in Graphics
> > Rendering Engine Could Allow Remote Code Execution
> > http://www.microsoft.com/technet/sec...ry/912840.mspx
> >
> > Welcome to the Microsoft Security Response Center Blog!
> > New Security Advisory for Possible Windows Vulnerability
> > http://blogs.technet.com/msrc/archiv...29/416569.aspx
>
> As an addendum. This exploit is being used right now. I just received a
> customer's computer that was infected with Spy Sherriff by this method.
> The exploit was in a spam email. Turn off the preview pane in OE (always
> a good idea) and turn off the Windows picture and fax viewer until
> Microsoft has a fix.

Preview Pane should be OK if...

OE: Tools > Options > Read > Read all messages in Plain Text (check)

OE: Tools>Options>Security>Download images... (check)

See
http://www.microsoft.com/technet/pro.../sp2email.mspx
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

Since I cannot find the item to check about 'download images . . . ' is this
feature only on XP?
Thanks,
Joe
"PA Bear" <PABearMVP@gmail.com> wrote in message
news:u5S98wKDGHA.3984@TK2MSFTNGP14.phx.gbl...
> X-posted to OE General, OE6, Security & Security.Homeusers NGs.
> Followup-to: WinXP General
>
> Kerry Brown wrote:
> > > X-post to Security, Security.Homeusers, IE6 & WinXP General
> > > newsgroups. Followup set to microsoft.public.security.
> > >
> > > Microsoft Security Advisory (912840): Vulnerability in Graphics
> > > Rendering Engine Could Allow Remote Code Execution
> > > http://www.microsoft.com/technet/sec...ry/912840.mspx
> > >
> > > Welcome to the Microsoft Security Response Center Blog!
> > > New Security Advisory for Possible Windows Vulnerability
> > > http://blogs.technet.com/msrc/archiv...29/416569.aspx
> >
> > As an addendum. This exploit is being used right now. I just received a
> > customer's computer that was infected with Spy Sherriff by this method.
> > The exploit was in a spam email. Turn off the preview pane in OE (always
> > a good idea) and turn off the Windows picture and fax viewer until
> > Microsoft has a fix.
>
> Preview Pane should be OK if...
>
> OE: Tools > Options > Read > Read all messages in Plain Text (check)
>
> OE: Tools>Options>Security>Download images... (check)
>
> See
>
http://www.microsoft.com/technet/pro.../sp2email.mspx
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>

Yes (WinXP SP2).
--
~PA Bear

jt3 wrote:
> Since I cannot find the item to check about 'download images . . . ' is
> this feature only on XP?
> Thanks,
> Joe
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:u5S98wKDGHA.3984@TK2MSFTNGP14.phx.gbl...
> > X-posted to OE General, OE6, Security & Security.Homeusers NGs.
> > Followup-to: WinXP General
> >
> > Kerry Brown wrote:
> > > > X-post to Security, Security.Homeusers, IE6 & WinXP General
> > > > newsgroups. Followup set to microsoft.public.security.
> > > >
> > > > Microsoft Security Advisory (912840): Vulnerability in Graphics
> > > > Rendering Engine Could Allow Remote Code Execution
> > > > http://www.microsoft.com/technet/sec...ry/912840.mspx
> > > >
> > > > Welcome to the Microsoft Security Response Center Blog!
> > > > New Security Advisory for Possible Windows Vulnerability
> > > > http://blogs.technet.com/msrc/archiv...29/416569.aspx
> > >
> > > As an addendum. This exploit is being used right now. I just received
> > > a customer's computer that was infected with Spy Sherriff by this
> > > method. The exploit was in a spam email. Turn off the preview pane in
> > > OE (always a good idea) and turn off the Windows picture and fax
> > > viewer until Microsoft has a fix.
> >
> > Preview Pane should be OK if...
> >
> > OE: Tools > Options > Read > Read all messages in Plain Text (check)
> >
> > OE: Tools>Options>Security>Download images... (check)
> >
> > See
> >
> http://www.microsoft.com/technet/pro.../sp2email.mspx
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

It's new to XP SP2.

--

Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm


"jt3" <jt3@cranky.computer> wrote in message
news:eNOfwGLDGHA.2956@TK2MSFTNGP14.phx.gbl...
> Since I cannot find the item to check about 'download images . . . '
> is this
> feature only on XP?
> Thanks,
> Joe
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:u5S98wKDGHA.3984@TK2MSFTNGP14.phx.gbl...
>> X-posted to OE General, OE6, Security & Security.Homeusers NGs.
>> Followup-to: WinXP General
>>
>> Kerry Brown wrote:
>> > > X-post to Security, Security.Homeusers, IE6 & WinXP General
>> > > newsgroups. Followup set to microsoft.public.security.
>> > >
>> > > Microsoft Security Advisory (912840): Vulnerability in Graphics
>> > > Rendering Engine Could Allow Remote Code Execution
>> > > http://www.microsoft.com/technet/sec...ry/912840.mspx
>> > >
>> > > Welcome to the Microsoft Security Response Center Blog!
>> > > New Security Advisory for Possible Windows Vulnerability
>> > > http://blogs.technet.com/msrc/archiv...29/416569.aspx
>> >
>> > As an addendum. This exploit is being used right now. I just
>> > received a
>> > customer's computer that was infected with Spy Sherriff by this
>> > method.
>> > The exploit was in a spam email. Turn off the preview pane in OE
>> > (always
>> > a good idea) and turn off the Windows picture and fax viewer until
>> > Microsoft has a fix.
>>
>> Preview Pane should be OK if...
>>
>> OE: Tools > Options > Read > Read all messages in Plain Text (check)
>>
>> OE: Tools>Options>Security>Download images... (check)
>>
>> See
>>
> http://www.microsoft.com/technet/pro.../sp2email.mspx
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP,
>> DTS-L.org
>>
>
>

Thank you, both.

Joe
"jt3" <jt3@cranky.computer> wrote in message
news:eNOfwGLDGHA.2956@TK2MSFTNGP14.phx.gbl...
> Since I cannot find the item to check about 'download images . . . ' is
this
> feature only on XP?
> Thanks,
> Joe
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:u5S98wKDGHA.3984@TK2MSFTNGP14.phx.gbl...
> > X-posted to OE General, OE6, Security & Security.Homeusers NGs.
> > Followup-to: WinXP General
> >
> > Kerry Brown wrote:
> > > > X-post to Security, Security.Homeusers, IE6 & WinXP General
> > > > newsgroups. Followup set to microsoft.public.security.
> > > >
> > > > Microsoft Security Advisory (912840): Vulnerability in Graphics
> > > > Rendering Engine Could Allow Remote Code Execution
> > > > http://www.microsoft.com/technet/sec...ry/912840.mspx
> > > >
> > > > Welcome to the Microsoft Security Response Center Blog!
> > > > New Security Advisory for Possible Windows Vulnerability
> > > > http://blogs.technet.com/msrc/archiv...29/416569.aspx
> > >
> > > As an addendum. This exploit is being used right now. I just received
a
> > > customer's computer that was infected with Spy Sherriff by this
method.
> > > The exploit was in a spam email. Turn off the preview pane in OE
(always
> > > a good idea) and turn off the Windows picture and fax viewer until
> > > Microsoft has a fix.
> >
> > Preview Pane should be OK if...
> >
> > OE: Tools > Options > Read > Read all messages in Plain Text (check)
> >
> > OE: Tools>Options>Security>Download images... (check)
> >
> > See
> >
>
http://www.microsoft.com/technet/pro.../sp2email.mspx
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
> >
>
>