MS Windows Installer Advisory

hippy

Technical Support
Staff member
Firstly, this is not a Rev Ed bug, not their fault, and beyond their control.

Secondly, it only affects some users in very specific circumstances.

When running BAS805.EXE to install the Programming Editor, it uses MS Windows Installer (MSI). If, at the time when asked where the installation should be made to, there are shared drives and folders on other PCs on the LAN which MSI notices, MSI will open a TCP connection to those PCs, and also open a Listening TCP port. Unfortunately this Listening port is not closed down at the end of installation; MSIEXEC.EXE is left executing with the port open and can be accessed through any internet connection which happens to hit upon your IP address and that port number. There is no visible evidence of MSIEXEC.EXE running in the task list.

I noticed this on a Win98SE box when I was suddenly flooded with attempts to access the port which the firewall caught. Attacks on MSIEXEC may not create vulnerabilities but it is something to be aware of. As always, if you connect to the internet, use a decent firewall which catches and prevents unwanted attacks - my favourite is the Freeware Kerio Personal Firewall.

The problem affects all applications which use MSI to install themselves, particularly those which automatically present a list of directories or disks to install to, as the shared-out PCs are immediately spotted by MSI and the Listening port is created.

The Programming Editor installation is less vulnerable than those built with MS Visual Installer as it presents a default installation directory, and the Listening port only gets created if you browse and select a networked drive.

Most users, installing the Programming Editor to the default directory, appear unlikely to be affected by this issue.
 
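One way to check for the leftover listener described in the post above. This is an added example, not part of the original post or Rev Ed's software. It assumes a Windows version where `netstat -ano` and `tasklist /FO CSV /NH` are available; the sample outputs, PIDs and port numbers are constructed.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:1046           0.0.0.0:0              LISTENING       2380
  TCP    192.168.0.10:1047      192.168.0.20:139       ESTABLISHED     2380
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       1204
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","216 K"
"svchost.exe","892","Console","0","3,412 K"
"msiexec.exe","2380","Console","0","5,120 K"
"editor.exe","1204","Console","0","8,004 K"
'''

def pids_by_image(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    return {int(row[1]): row[0].lower()
            for row in csv.reader(io.StringIO(tasklist_csv)) if len(row) >= 2}

def listening_sockets(netstat_text):
    """Yield (local_address, port, pid) for each TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, port = fields[1].rpartition(":")
            yield addr, int(port), int(fields[4])

def msiexec_listeners(netstat_text, tasklist_csv, image="msiexec.exe"):
    """Return listening sockets owned by the installer process, with exposure."""
    images = pids_by_image(tasklist_csv)
    findings = []
    for addr, port, pid in listening_sockets(netstat_text):
        if images.get(pid) == image:
            # A loopback bind is local only; any other bind is reachable from the network.
            exposed = not addr.startswith("127.") and addr != "[::1]"
            findings.append({"address": addr, "port": port, "pid": pid, "exposed": exposed})
    return findings

if __name__ == "__main__":
    for finding in msiexec_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(finding)
```

On a live machine, feed the two functions the real output of those commands after an installer has finished; any finding with `exposed` set means the installer process is still listening on a network-reachable address.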