Microsoft's Latest Security Updates -- The Good, the Bad, and the Ugly - Three Configuration Changes
Three Configuration Changes Recommended
So much for the patches -- but we're not done yet. In addition to these seven security bulletins, Microsoft also recommended three configuration changes to enhance security. These changes affect Internet Explorer 6.0 and Outlook Express 5.5 SP2. If you use either of those, you might want to pay attention.
Disable ADODB.Stream in Windows ActiveX Control
First, for Internet Explorer 6.0, the ADODB.Stream ActiveX control needs to be disabled. This change applies to Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Windows 98, Windows 98 SE, and Windows Millennium Edition. To make it, you're going to have to modify the registry; make sure you make a backup first. Knowledge Base Article 870669 contains the information you'll need to make this change.
Why does this configuration need to be changed? When the normal configuration is combined with certain well-known security vulnerabilities in IE, an attacker can use a malicious Web site to execute script in the victim's Local Machine zone. That's because ADODB.Stream, when it is enabled and hosted in IE, permits access to the hard disk.
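To confirm afterwards that the change actually took effect, a read-only audit along these lines can be run on any system that has PowerShell. This is an added example, not code from the article or from KB 870669. It assumes the registry change is applied as an Internet Explorer ActiveX "kill bit" (the 0x400 bit of the Compatibility Flags value under the ActiveX Compatibility key), and the class ID is a placeholder to be replaced with the one given in the KB article.

```powershell
# Added example: read-only audit of the Internet Explorer ActiveX "kill bit".
# The class ID below is a placeholder; use the one listed in KB 870669.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}'  # placeholder CLSID
)

# Compatibility Flags bit that tells IE never to instantiate the control.
$KillBit = 0x400

# Native registry view plus the 32-bit view that exists only on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$Root, [string]$Clsid, [long]$Mask)

    $key   = Join-Path -Path $Root -ChildPath $Clsid
    $state = [pscustomobject]@{ Key = $key; KeyExists = $false; Flags = $null; KillBitSet = $false }

    if (Test-Path -LiteralPath $key) {
        $state.KeyExists = $true
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $state.Flags = [long]$prop.'Compatibility Flags'
            # Other flag bits may be set too, so test the bit instead of comparing for equality.
            $state.KillBitSet = (($state.Flags -band $Mask) -eq $Mask)
        }
    }
    return $state
}

# Only query the views that exist on this machine.
$results = foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) { Get-KillBitState -Root $root -Clsid $Clsid -Mask $KillBit }
}

$results | Format-Table -AutoSize -Property Key, KeyExists, Flags, KillBitSet

# Exit non-zero if any existing view lacks the kill bit, so the check can gate a compliance job.
if (@($results | Where-Object { -not $_.KillBitSet }).Count -gt 0) { exit 1 }
```

On 64-bit Windows both views matter, because a 32-bit Internet Explorer process reads the WOW6432Node copy of the key.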
Limit Shell Automatic Service ActiveX Control
For the second configuration change, you'll need to limit the functionality of the Shell Automatic Service ActiveX control (shell.application). This fix is included in the seventh security bulletin. It's also available through Windows Update or the Microsoft Download Center.
Read HTML Mail in Restricted Zones
The third configuration change is included with the first patch. This one is especially for Outlook Express 5.5 SP2. It forces users to read HTML mail in the restricted zones of the program. This way, users (and networks) will be less likely to fall victim to malicious code sent in e-mail.
More By Terri Wells