e-mail my dad got from his work (DOD guy) microsoft exploits

[jeffie7]

just thought I'd share. btw for the outsiders DOD = department of defense
This e-mail was sent out today.

A new, yet-to-be patched, "Zero-Day" vulnerability has been discovered
in
Microsoft Windows 2000/XP/2003/Vista and exploits for this vulnerability
are currently circulating and may have already affected DoD computer
systems. The exploits are based around a vulnerability in the way
Microsoft Windows handles animated cursor and icon files (.ANI, .CUR,
.ICO).

In order for this attack to be carried out, a user must either visit a
web
site that contains a web page that is used to exploit the vulnerability
or
view (or even preview) a specially crafted e-mail message or email
attachment sent to them by an attacker. Upon viewing a web page,
previewing or reading a specially crafted message, or opening a
specially
crafted email attachment the attacker could execute arbitrary code or
cause a denial of service (persistent reboot). Ultimately, the attacker
could gain control of the system with the same user rights as the local
user.

The "Zero-Day" vulnerability (named so because there are currently no
patches to correct the flaw) is present in the following Microsoft
products:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista

Normally, the Joint Task Force Global Network Operations (JTF-GNO) would
issue an Information Assurance Vulnerability Alert (IAVA) for this type
of
vulnerability, but since there are currently no patches to correct the
flaw, we are advising users that extreme caution should be exercised
when
visiting websites and opening/previewing unsolicited emails and email
attachments from both known and unknown sources.

For more information about this vulnerability and other computer
security
issues, please visit NRL's Information Assurance website:

 

[posol]

in other words

"This effects IE and outlook"


getfirefox.com
getthunderbird.com

problem patched

 

[TurboMirage]

x2!

 

[SHOGUNOVDDRK]

+3

 

[Drake]

To bad the government does not feel the same way. I did see a add-on for firefox that would secure firefox to DoD specs. Dont know how accurate it is but i thought that was pretty cool

 

[jeffie7]

I've been a FF and TB user for.... not sure how long. I've never looked back!

 

[FFCiv]

sounds fake

 

[jeffie7]

Being that it's from the DOD I highly doubt it.

 

[Drake]

Yeah no joke. Plus is this any sort of surprise to you that this is possible?