The big news this week is the huge release of patches from Microsoft. On the heels of last months ground-shaking JPEG vulnerability, Microsoft announced nine security updates, MS04-029 through MS04-038. Of the group, six have a critical severity rating.
Collectively, the nine updates fix over 20 specific problems. Within the critical updates, such as MS04-032, not all versions of Windows are the same rating, but none is less than important.
Included in the MS04-038 update are fixes for the infamous drag-and-drop vulnerability identified several months ago that affects virtually all editions of Windows, including XP Service Pack 2. Overall, however, most of the updates are for versions of Windows other than SP2. See our Windows Security Alerts and Updates for more information.
Symantec, McAfee and Trend are reporting a new worm that spreads using the MSN or Microsoft Messenger address book. Sounding like a kids idea of a good time, W32/Funner.A-mm, is a moderately destructive worm that creates copies of itself called “Explorer.exe” and “IExplorer.exe” in the Windows system folder. It also adds 937 web site entries to the victims HOSTS file, pointing all requests for these sites to a single IP address. See our top threat for more information.
Personal Firewalls have become as ubiquitous as anti-virus utilities in Internet Security suites, as well as in Windows XP, but how do you tell if theyre any good? PC Magazine Labs put two leading firewalls through a real-world stress test. Check out Personal Firewall: Dont surf without it.” to see how Norton and McAfee fare locking horns with some of the toughest hacking challenges on the web.
to read the full story at PCMag.com.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.