The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended periods. They also have noted that Microsoft has updated their advisory.
Below is their summary of the details.
Following statements are summary of updated information.
The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.
The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.
Microsoft Office 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Access 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Visual Studio 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. However, its only in a vulnerable configuration if VS runtime library files are in the search path for Internet Explorer. These files are Msvcr70.dll and Msvscp70.dll. For instance by placing them in the same directory as Msdds.dll or in the %windir%/system32 directory could expose Office XP customers to this issue.
Related PostsRelated Posts
- Microsoft vulnerability whack-a-mole continues..... Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released......
- Update on Internet Explorer Zero Day exploit Yesterday I mentioned a SANS report on a possible zero day exploit against Internet Explorer. Today they have more details in the handlers diary. Among other things SANS has issued a patch for it. Essentially the zero day (or previously unknown) vulnerability deals with a .Net framework file, msdds.dll .......
- Microsoft updates are out for July and they affect no fewer than 18 issues in Office and Windows. 13 issues are tagged as critical, others as important. They are all bundled into 7 update downloads. 8 vulnerabilities within Excel have been addressed in all of this. Office 2000 users will have to manually update (Office XP/2003......
- Houston computers affected by virus A virus is playing havoc with the municipal court operations in Houston. The court system had to close down Friday afternoon after a computer virus affected access to data on court cases. Courtroom operations aren't expected to be back in business before Thursday morning. People can pay fines and conduct......
- Microsoft ships Windows 7 SP1 and Windows Server 2008 R2 SP1 Microsoft has released the Service Pack 1 (SP1) update for Windows 7 and Windows Server 2008 R2. The update is available via the Microsoft's Update Center or Windows Update. The service pack releases add to the performance improvements and security enhancements to the existing versions of corresponding operating systems. Below......
- Fake Prosperity: U.S. National Debt Growth vs. GDP Growth If you're a member of Gen X and Gen Y, this is probably the scariest chart you will see in 2011, and possibly, right up to the time you're old and gray. As you can clearly see, the crony capitalism, fake prosperity, recycled Keynesianism memes et al., have been a great......
- Update on Internet Explorer Zero Day exploit
- Another update on the 0day Explorer exploit
- Massive Windows Update Tuesday
- Powerpoint vulnerability (August 2006)
- Microsoft August Updates