Microsoft Plugs Browser Hijack Holes
Results 1 to 4 of 4

Thread: Microsoft Plugs Browser Hijack Holes

  1. #1
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    Microsoft Plugs Browser Hijack Holes

    October 4, 2003
    Microsoft Plugs Browser Hijack Holes
    By Ryan Naraine

    Full Artical Here
    Microsoft (Quote, Chart) on Friday rushed out a major cumulative patch to plug 'critical' holes in Internet Explorer (IE) that allowed attackers to hijack the browser or change DNS server settings.

    In an unusual move, Microsoft issued an advisory late on Friday after security consultants warned that a QHosts-1 trojan was sneaking into PCs via unpatched Internet Explorer holes.
    Microsoft also warned that an attacker could use its WMP media player to open URLs and run exploits.
    Damn.....how many does that make this year alone??
    [EDIT]
    Microsoft Security Bulletin MS03-040


    Cumulative Patch for Internet Explorer (828750)
    Originally posted: October 3, 2003
    Full Advisory Here
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Interesting..................I loaded that cumulative service patch earlier today.

    Interesting question arises as what contributions to the spread of malware have been made by Internet Explorer and Outlook Express?

    They are both embedded products and are "free". Is it that not so much attention is paid to them because they produce no identifiable revenue? The developers can't get the budget?

    I have seen the other side of the coin in an outsourcing environment, where IT that was previously a hidden overhead became a direct cost. The users saw how much things would cost, and wouldn't commit the spend, yet whined about the "decline in service"


    Just my 0.02
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Thanks Mox! I'll get that patch out to our company environment ...somehow.

    They are both embedded products and are "free". Is it that not so much attention is paid to them because they produce no identifiable revenue? The developers can't get the budget?
    Great point nihil! Crap...never thought about that. Wonder if, in an effort to shore up profits, if MS will start charging a "special fee" for a "professional" version (aka. more secure!) of these products in the future. Geez, hope they aren't reading this.

    I like the conspiracist tendency you have nihil!

  4. #4
    This patch won't help you very much.

    Here's the reason:

    http://www.securityfocus.com/archive/1/340539

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides