Security Information Week 9, 2000
In our Security Information for week 45 last year, we discussed a security problem in Internet Explorer that left users vulnerable to infection by malicious programs when opening an e-mail or visiting a web site. The vulnerability was first exploited by the worm VBS/Bubble (BubbleBoy).
Several months ago Microsoft released a patch which corrects the vulnerability.
In recent weeks, however, we have seen a new worm, JS/KAK.A.Worm, posted on several newsgroups. Many infections from this worm have been reported. The author of this worm uses exactly the same vulnerability in Internet Explorer / Outlook Express as VBS/Bubble.
This week's Security Information will not discuss this worm in particular. Suffice it to say that it attaches itself to every outgoing e-mail after a computer has been infected.
However, this emphasizes an interesting point with respect to software security: even though software vendors issue patches for known security issues, many end users do not install them, and so remain vulnerable.
New readers of our Security Information and/or users of Microsoft's Internet programs should apply one or all of the following to solve this well-known vulnerability:
- Install the patch from Microsoft. More information about the patch and the vulnerability is available in Microsoft's Security Bulletin MS99-032.
- Change the security settings in Outlook or Internet Explorer for the Internet Zone to high.
- Disable Active Scripting in the Internet Zone. How to disable Active Scripting is described in Norman's Security Information for week 43/1999.
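
An administrator can verify the third measure from registry exports collected from user machines. The following is an added example, not code from Norman or Microsoft. It assumes the Internet Zone is stored as zone 3 under `Internet Settings\Zones`, that URL action `1400` is Active Scripting (0 = enable, 1 = prompt, 3 = disable), and that the exports are `.reg` text; the sample exports are constructed.

```python
import re

# Assumptions (not from the article): the Internet Zone is zone 3 and URL action
# 1400 is "Active scripting"; DWORD 0 = enable, 1 = prompt, 3 = disable.
ZONE3_SUFFIX = r"\internet settings\zones\3"
ACTIVE_SCRIPTING = "1400"
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}
DWORD = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})')

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: int}} (DWORD values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = DWORD.fullmatch(line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def active_scripting(text):
    """Return {key_path: state} for every Internet Zone key in the export."""
    result = {}
    for path, values in parse_reg(text).items():
        if path.lower().endswith(ZONE3_SUFFIX):
            raw = values.get(ACTIVE_SCRIPTING)
            result[path] = "not set" if raw is None else STATES.get(raw, f"unknown ({raw})")
    return result

def is_mitigated(text):
    """True only if an Internet Zone key exists and every one disables scripting."""
    states = active_scripting(text)
    return bool(states) and all(s == "disabled" for s in states.values())

# Constructed sample exports, not taken from a real machine.
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
HARDENED = f'Windows Registry Editor Version 5.00\n\n[{KEY}]\n"1400"=dword:00000003\n'
DEFAULT = f'Windows Registry Editor Version 5.00\n\n[{KEY}]\n"1400"=dword:00000000\n'
NO_VALUE = f'Windows Registry Editor Version 5.00\n\n[{KEY}]\n"1A00"=dword:00020000\n'

if __name__ == "__main__":
    for name, sample in [("hardened", HARDENED), ("default", DEFAULT), ("no value", NO_VALUE)]:
        print(name, active_scripting(sample), is_mitigated(sample))
```

A missing `1400` value is reported as "not set" and counted as unmitigated, since the zone's default then applies.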
Norman encourages system administrators and Internet users to subscribe to security information from the vendors of the software they use, as well as to relevant vendor-independent security mailing lists. More information about some of these is available from Norman's Internet Security page.
Per Olav Førland
