Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: Ed Forrest who wrote (8416)	2/23/2000 4:09:00 PM
From: theodore	Read Replies (1) \| Respond to of 110583

Mr.Ed Forrest,Here is the notice:Microsoft Security Bulletin (MS00-011) -------------------------------------- Patch Available for "VM File Reading" Vulnerability Originally Posted: February 18, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoft© virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. In both cases the malicious applet would have to know the exact name and location of the files. Frequently asked questions regarding this vulnerability and the patch can be found at microsoft.com Issue ===== The Microsoft VM is a virtual machine for the Win32© operating environment. It runs atop Microsoft Windows© 95, 98 or Windows NT©. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read - but not change, delete or add - files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. The malicious user would need to know the exactly path and filename of the files he wished to read. Affected Software Versions ========================== Versions of the Microsoft VM are identified by build numbers, which can be determined using the JVIEW tool, as discussed in the FAQ. The following builds of the Microsoft VM are affected: - All builds in the 2000 series. - All builds in the 3100 series. - All builds in the 3200 series. Note: The Microsoft VM ships as part of several products. However, the primary ship vehicle is Internet Explorer. Patch Availability ================== New versions of the Microsoft VM that include a fix for the vulnerability can be downloaded from the following locations: - 2000 series builds: microsoft.com - 3100 series builds: microsoft.com - 3200 series builds: microsoft.com Note: 2000 series builds are shipped as part of Internet Explorer 4.x; 3100 series builds are shipped as part of Internet Explorer 5; 3200 series builds are shipped as part of Internet Explorer 5.01. Note: Additional security patches are available at the Microsoft Download Center More Information ================ Please see the following references for more information related to this issue. - Frequently Asked Questions: Microsoft Security Bulletin MS00-011, microsoft.com. - Microsoft Security Advisor web site, microsoft.com.