Printable View
It seems that the patch for Microsoft Security Bulletin MS03-032 may be flawed.
Customers of mine who have applied the patch are still getting hit with Backdoor.Coreflood.dr which exploits the vulnerability described in MS03-032.
Here is an article regarding the fact that the patch itself may be flawed:
See this article: Microsoft IE security patch thrown in doubt
Tony: Since the variant you reference is transmitted via an infectewd web page why does your client keep going to this page????
I dunno.... It just seems silly to me..... ;)
Its not one customer or one web page. It is a variety of people visiting a variety of sites.
I have seen information on various lists that there are a number of web sites that seem to have been hacked and contain this malicious code.
Besides- whether or not my customers are morons isn't the point. The point is that these machines had the patch applied and should be protected from the MS03-032 vulnerability and yet still the exploit worked.
Microsoft has made their official statement regarding the allegedly flawed MS03-032 patch. It is sort of public relations double-speak worthy of a politician campaigning for office.
Basically- they claim that the patch does in fact fix the flaws it was intended to fix. They further claim that these machines that have the MS03-032 patch and were nonetheless affected by some exploit are actually the result of a NEW vulnerability or "variation" on the vulnerabilities reported in MS03-032.
They are investigating and 'upon completion of our investigation we will take appropriate action to protect our customers.'
To me, this translates to "we blatantly missed fixing a facet of the vulnerability and rather than admit that we are going to claim that it is actually an entirely different vulnerability". But, I could be wrong.
Here is an article from PCPro: Microsoft stands by IE security patch
Microsoft isn't Linux. It makes mistakes :p
On a more serious note, I will be following this article closely. The vulnerability could be in effect simply because as soon as the patch was first issued the creators of the exploit altered to code to make the process immune from the issued patch. It happens.
Nice post though, tony.
Regards,
Joe