Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.

Source:

This flaw exploits the Windows Graphics Rendering Engine and is reported to affect Internet Explorer, Outlook, and Outlook Express, as well as Firefox and Opera.

editorial aside: Since it is has suggested by an e-peep or two that the "Lib" media can not be trusted, I'm certain that all you Windows users have nothing to worry about since the Washington Post is reporting this. ;-)

Another source of information about this flaw is that purveyor of "Trustworthy Computing" -- Microsoft.

Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.

Microsoft has determined that an attacker using this exploit would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. In an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. In both the web and email based attacks, the code would execute in the security context of the logged-on user.

A possible workaround has been reported a word of warning: improperly changing the .dll settings of a computer can cause serious problems.

* Click on Start > Run.
* Type:
regsvr32 /u shimgvw.dll
* Click OK
* Click OK again when the dialog appears.

Note that this can have an effect on the display of some thumbnails in Windows.

Addendum: to reregister (undo the workaround) the .dll use this command: regsvr32 shimgvw.dll

Windows-based Instant Messaging users beware:

A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim's computer.

The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file, according to a security advisory issued Tuesday by IMlogic.

People who click on the file will see an image of Santa, but what they are less likely to notice is a so-called rootkit being installed onto their system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. The malicious attacker can then distribute messages to the user's IM contacts, using a similar technique to lure the unsuspecting acquaintance to click on the link.

Since some of the (e:peeps) love sushi and are computer geeks, this might be the perfect xmas gift . . .



On the other hand for the (e:peeps) in touch with their feminine side (no not you (e:jason)), there is always . . .





If you find this interesting, check out the rest of the top 10 weirdest USB drives at

--walt

Firefox 1.5 is availalble now right here

And of course, you need some extensions to go with your FireFox. There are so many great ones: ForcastFox, Google Toolbar, TabFX, Web Developer. To install some of these old standards, go to Tools>Extensions and click to link at the bottom of the extensions window to "Find new extensions."

A new version of Firefox often leads to some issues with extension compatability. (E:Paul)'s fave, Live Headers is no longer available, but I'm sure it will be soon.

And with a major upgrade like 1.5, new plugins are available.

First up: Foxpose
Fans of the Mac OSX Expose feature will know what to expect here. Foxpoxe puts a button in your status bar that wil display all of your open tabs in a visual grid.

And Also Hotness: Tab Preview
This extension makes it so that thumbnail previews of each page pop up when you hover the mouse over the tabs. It's a super fast way to scan through a set of open tabs. Tab browsing addicts will love it.

Happy browsing, Buffalo!

What it is:
An automatically self-updating PC health service that runs quietly in the background. It helps give you persistent protection against viruses, hackers, and other threats, and helps keep your PC tuned up and your important documents backed up.

For more information on the anti-virus beta check out

for more information on the Windows Live concept check out

--walt