
Thread: Microsoft Plugs Browser Hijack Holes

  1. #1
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    October 4, 2003
    Microsoft Plugs Browser Hijack Holes
    By Ryan Naraine

    Full Article Here
    Microsoft on Friday rushed out a major cumulative patch to plug 'critical' holes in Internet Explorer (IE) that allowed attackers to hijack the browser or change DNS server settings.

    In an unusual move, Microsoft issued an advisory late on Friday after security consultants warned that a QHosts-1 trojan was sneaking into PCs via unpatched Internet Explorer holes.
    Microsoft also warned that an attacker could use its WMP media player to open URLs and run exploits.
    Damn.....how many does that make this year alone??
    [EDIT]
    Microsoft Security Bulletin MS03-040


    Cumulative Patch for Internet Explorer (828750)
    Originally posted: October 3, 2003
    Full Advisory Here
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Interesting..................I loaded that cumulative service patch earlier today.

    Interesting question arises as to what contributions to the spread of malware have been made by Internet Explorer and Outlook Express?

    They are both embedded products and are "free". Is it that not so much attention is paid to them because they produce no identifiable revenue? The developers can't get the budget?

    I have seen the other side of the coin in an outsourcing environment, where IT that was previously a hidden overhead became a direct cost. The users saw how much things would cost, and wouldn't commit the spend, yet whined about the "decline in service".


    Just my £0.02

  3. #3
    Thanks Mox! I'll get that patch out to our company environment ...somehow.

    They are both embedded products and are "free". Is it that not so much attention is paid to them because they produce no identifiable revenue? The developers can't get the budget?
    Great point nihil! Crap...never thought about that. Wonder if, in an effort to shore up profits, MS will start charging a "special fee" for a "professional" version (aka. more secure!) of these products in the future. Geez, hope they aren't reading this.

    I like the conspiracist tendency you have nihil!

  4. #4
    This patch won't help you very much.

    Here's the reason:

    http://www.securityfocus.com/archive/1/340539
