FINALLY: A real fix for the IE hole?
Results 1 to 9 of 9

Thread: FINALLY: A real fix for the IE hole?

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024

    FINALLY: A real fix for the IE hole?

    Source: http://www.internetnews.com/security...le.php/3387301

    July 28, 2004
    Microsoft: Out-of-Cycle Security Patch Coming
    By Ryan Naraine

    Microsoft (Quote, Chart) plans to release an out-of-cycle security patch next week to fix a software flaw that led to the sophisticated Download.Ject malware attack, company officials disclosed on Wednesday.

    The company will release the patch, which is currently being tested, next week as a "critical" security update to provide a "long-term solution to the core vulnerability" that led to the Download.Ject attack.

    Dean Hachamovitch, Microsoft group product manager for Internet Explorer, made the announcement, saying the patch would cover IE versions 5.01, 5.5 and 6.0.

    The software giant has already released a Trojan detection and removal tool to help PC users clean up after the attack, which targeted well-known software flaws to install keystroke loggers and other malicious code on infected systems.

    The 118 kilobyte removal tool is programmed to remove the payload delivered by the server-side Download.Ject Trojan. The Trojan, also known as Scob, exploited vulnerabilities in Microsoft's IIS 5.0 servers and IE to distribute malware programs. It started spreading late last month after unknown attackers uploaded a small file with JavaScript to infected Web sites running Microsoft IIS 5.0 servers.

    A user visiting an infected site with IE automatically became infected with the JavaScript, which triggered a download from a Russian Web site. The download included Trojan horse programs like keystroke loggers, proxy servers and other back doors providing full access to the infected system.

    In addition to the Trojan detection and removal tool, Microsoft issued a slew of Windows configuration changes aimed at thwarting the Download.Ject attack. Hachamovitch said that those changes did not provide a complete fix to the core vulnerability.

    "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," Hachamovitch said.

    Microsoft is also testing a clean-up tool for the latest mutant of the MyDoom virus that started squirming through major search engines earlier this week. The virus has been programmed to launch of distributed Denial of Service attacks against the Microsoft.com home page.

    When it's released, the tool will be available for download here.
    IMO, It's about damn time they get it fixed and patched. Took em what, 3 weeks?
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    DjM

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I already have a patch and a fix for all problem's concerning IE. It's called Mozilla Firefox.
    Space For Rent.. =]

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Well damn, someone got to it earlier than me. Oh well.

    Yea spyder, but some people get scared by something called mozilla. Particulraly my mother. She doesn't want to start using thunderbird over outlook because it "sounds weird".
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.

  5. #5
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Exclamation IE Patch Released...INSTALL INSTALL INSTALL!

    The patch has been released already! And on a Friday no less, thanks M$.

    http://www.microsoft.com/technet/sec.../MS04-025.mspx
    Microsoft Security Bulletin MS04-025
    Cumulative Security Update for Internet Explorer (867801)

    Issued: July 30, 2004
    Version: 1.0
    Summary

    Who should read this document: Customers who use Microsoft® Internet Explorer

    Impact of Vulnerability: Remote Code Execution

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the update immediately.

    Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS04-004, which is itself a cumulative update.

    Caveats: This update does not include hotfixes for Internet Explorer provided since the release of MS04-004. Customers who have received hotfixes from Microsoft or their support providers since the release of MS04-004 should review the FAQ section for this update to determine how this update might impact their operating systems.

    Tested Software and Security Update Download Locations:

    Affected Software:
    •Microsoft Windows NT® Workstation 4.0 Service Pack 6a
    •Microsoft Windows NT Server 4.0 Service Pack 6a
    •Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    •Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
    •Microsoft Windows XP and Microsoft Windows XP Service Pack 1
    •Microsoft Windows XP 64-Bit Edition Service Pack 1
    •Microsoft Windows XP 64-Bit Edition Version 2003
    •Microsoft Windows Server® 2003
    •Microsoft Windows Server 2003 64-Bit Edition
    •Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

    Tested Microsoft Windows Components:

    Affected Components:
    •Internet Explorer 5.01 Service Pack 2: Download the update.
    •Internet Explorer 5.01 Service Pack 3: Download the update.
    •Internet Explorer 5.01 Service Pack 4: Download the update.
    •Internet Explorer 5.5 Service Pack 2: Download the update.
    •Internet Explorer 6: Download the update.
    •Internet Explorer 6 Service Pack 1: Download the update.
    •Internet Explorer 6 Service Pack 1 (64-Bit Edition): Download the update.
    •Internet Explorer 6 for Windows Server 2003: Download the update.
    •Internet Explorer 6 for Windows Server 2003 (64-Bit Edition): Download the update.

    Yea spyder, but some people get scared by something called mozilla. Particulraly my mother. She doesn't want to start using thunderbird over outlook because it "sounds weird".
    LOL, yeah I have the same problem with friends and family.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Well damn, someone got to it earlier than me. Oh well.

    Yea spyder, but some people get scared by something called mozilla. Particulraly my mother. She doesn't want to start using thunderbird over outlook because it "sounds weird".
    Well then take the time to explain to them that it can cause the computer to have problems if they use it (don't need to get all "techie" with them). It meaning Internet Explorer. Let them know also of some of the nice feature's Firefox has to offer.
    Space For Rent.. =]

  7. #7
    What do you guys think how my family feels about "Linux" over windows, lol....if there's no Start button, it's not an OS for them !

  8. #8
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    I know my family refuses to use firefox because it "looks weird" or they "don't understand the bookmark" structure

    o well... job security for the rest of us
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    I know my family refuses to use firefox because it "looks weird" or they "don't understand the bookmark" structure
    I wish that was the main excuse for IE being used where I work..

    most pages that the company need to access either will only work or work correctly under IE
    I already have a patch and a fix for all problem's concerning IE. It's called Mozilla Firefox.
    As commented.. Job security for us.. Many of us here are aware of the problems of M$ and IE in particular.. So we don't realy need or want the Chirps of "use XXX OS or YYY Browser it pisses on MS" .. others of us just (currently) have to work with it

    .

    Hmm noticed some thing else.. MS have changed the Windows Update page in the past 8 hours

    Hmm " fixed the problem but the car is still broken "

    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •