The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended periods. They also have noted that Microsoft has updated their advisory.
Below is their summary of the details.
Following statements are summary of updated information.
The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.
The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.
Microsoft Office 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Access 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Visual Studio 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. However, its only in a vulnerable configuration if VS runtime library files are in the search path for Internet Explorer. These files are Msvcr70.dll and Msvscp70.dll. For instance by placing them in the same directory as Msdds.dll or in the %windir%/system32 directory could expose Office XP customers to this issue.
Related PostsRelated Posts
- Internet Explorer 0-day (take 2 of the last few days...) The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML... Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch......
- Out of Cycle Windows Update - Patch Today Yesterday news broke of an out of cycle security patch for Windows. The bulletin is available from Microsoft. Apparently the vulnerability was in the Windows Server service (XP, 2003, 2000, 2008, Vista ALL affected though regardless of server/workstation/client/desktop/etc...). The RPC handling (remote procedure call) is the achilles heel this time......
- Microsoft updates are out for July and they affect no fewer than 18 issues in Office and Windows. 13 issues are tagged as critical, others as important. They are all bundled into 7 update downloads. 8 vulnerabilities within Excel have been addressed in all of this. Office 2000 users will have to manually update (Office XP/2003......
- Ruin Your Credit Fast, pt 2 Granted, there are a wide variety of different ways that you can ruin your credit over time, but do you want to know what the quickest and most dangerous ways are? Here are five ways that you can quickly and effectively destroy your credit. Continued from Part 1 By taking......
- Houston computers affected by virus A virus is playing havoc with the municipal court operations in Houston. The court system had to close down Friday afternoon after a computer virus affected access to data on court cases. Courtroom operations aren't expected to be back in business before Thursday morning. People can pay fines and conduct......
- Coin Grading 101 Coin grading is the process of assessing the value of a coin, an important practice for beginning coin collectors to learn. There are several factors to take into account when grading coins, namely their quality, rarity, interest, and liquidity. The higher the coin is on these scales, the more valuable......
- Update on Internet Explorer Zero Day exploit
- Another update on the 0day Explorer exploit
- Massive Windows Update Tuesday
- Powerpoint vulnerability (August 2006)
- Microsoft August Updates