The Computer Incident Advisory Capability (CIAC) has issued an alert
concerning security vulnerabilities in Microsoft's Internet Explorer
for Windows 95 and NT 4.0. The vulnerability allows an arbitary program
to be executed on a user's machine when accessing a malicious Web site.
For example, selecting a URL on a Web site could cause the standard
Windows calculator to start executing. Other programs, such as format or
deltree, might also be executed, which can be more malicious in nature.
These programs are executed without permission by the user - the
standard security mechanisms provided with Internet Explorer are
bypassed completely.
Microsoft has addressed the problem with a patch on their Web site at:
http://www.microsoft.com/ie/security/update.htm
Please connect to this site to download the patch and for more details.
For assistance, contact Diann Dicesare (x7158,dicesare@cebaf.gov).
Most of the users at Jefferson Lab are using the Netscape web browser
as opposed to Internet Explorer. This security alert does not pertain
to any version of Netscape or versions of Internet Explorer for Windows
3.1, Windows for Workgroups 3.x, Windows NT 3.51, or Macintosh. If you
are using Microsoft's Internet Explorer for either Windows 95 or NT 4.0
you should apply the recommended patch.
Diann Dicesare
Computer Center