PA Bear wrote:
> X-post to Security, Security.Homeusers, IE6 & WinXP General
> newsgroups. Followup set to microsoft.public.security.
>
> Microsoft Security Advisory (912840): Vulnerability in Graphics
> Rendering Engine Could Allow Remote Code Execution
> http://www.microsoft.com/technet/sec...ry/912840.mspx
>
> Welcome to the Microsoft Security Response Center Blog!
> New Security Advisory for Possible Windows Vulnerability
> http://blogs.technet.com/msrc/archiv...29/416569.aspx

As an addendum. This exploit is being used right now. I just received a
customer's computer that was infected with Spy Sherriff by this method. The
exploit was in a spam email. Turn off the preview pane in OE (always a good
idea) and turn off the Windows picture and fax viewer until Microsoft has a
fix.

Kerry

X-posted to OE General, OE6, Security & Security.Homeusers NGs.
Followup-to: WinXP General

Kerry Brown wrote:
> > X-post to Security, Security.Homeusers, IE6 & WinXP General
> > newsgroups. Followup set to microsoft.public.security.
> >
> > Microsoft Security Advisory (912840): Vulnerability in Graphics
> > Rendering Engine Could Allow Remote Code Execution
> > http://www.microsoft.com/technet/sec...ry/912840.mspx
> >
> > Welcome to the Microsoft Security Response Center Blog!
> > New Security Advisory for Possible Windows Vulnerability
> > http://blogs.technet.com/msrc/archiv...29/416569.aspx
>
> As an addendum. This exploit is being used right now. I just received a
> customer's computer that was infected with Spy Sherriff by this method.
> The exploit was in a spam email. Turn off the preview pane in OE (always
> a good idea) and turn off the Windows picture and fax viewer until
> Microsoft has a fix.

Preview Pane should be OK if...

OE: Tools > Options > Read > Read all messages in Plain Text (check)

OE: Tools>Options>Security>Download images... (check)

See
http://www.microsoft.com/technet/pro.../sp2email.mspx
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org