-
October 4th, 2003, 04:05 PM
#1
Microsoft Plugs Browser Hijack Holes
October 4, 2003
Microsoft Plugs Browser Hijack Holes
By Ryan Naraine
Full Artical Here
Microsoft (Quote, Chart) on Friday rushed out a major cumulative patch to plug 'critical' holes in Internet Explorer (IE) that allowed attackers to hijack the browser or change DNS server settings.
In an unusual move, Microsoft issued an advisory late on Friday after security consultants warned that a QHosts-1 trojan was sneaking into PCs via unpatched Internet Explorer holes.
Microsoft also warned that an attacker could use its WMP media player to open URLs and run exploits.
Damn.....how many does that make this year alone??
[EDIT]
Microsoft Security Bulletin MS03-040
Cumulative Patch for Internet Explorer (828750)
Originally posted: October 3, 2003
Full Advisory Here
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
October 4th, 2003, 07:02 PM
#2
Interesting..................I loaded that cumulative service patch earlier today.
Interesting question arises as what contributions to the spread of malware have been made by Internet Explorer and Outlook Express?
They are both embedded products and are "free". Is it that not so much attention is paid to them because they produce no identifiable revenue? The developers can't get the budget?
I have seen the other side of the coin in an outsourcing environment, where IT that was previously a hidden overhead became a direct cost. The users saw how much things would cost, and wouldn't commit the spend, yet whined about the "decline in service"
Just my £0.02
-
October 4th, 2003, 08:17 PM
#3
Thanks Mox! I'll get that patch out to our company environment ...somehow.
They are both embedded products and are "free". Is it that not so much attention is paid to them because they produce no identifiable revenue? The developers can't get the budget?
Great point nihil! Crap...never thought about that. Wonder if, in an effort to shore up profits, if MS will start charging a "special fee" for a "professional" version (aka. more secure!) of these products in the future. Geez, hope they aren't reading this.
I like the conspiracist tendency you have nihil!
-
October 8th, 2003, 01:11 PM
#4
Banned
This patch won't help you very much.
Here's the reason:
http://www.securityfocus.com/archive/1/340539
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|