The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended periods. They also have noted that Microsoft has updated their advisory.
Below is their summary of the details.
Following statements are summary of updated information.
The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.
The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.
Microsoft Office 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Access 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Visual Studio 2003 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability. (ships a higher version dll)
Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. However, its only in a vulnerable configuration if VS runtime library files are in the search path for Internet Explorer. These files are Msvcr70.dll and Msvscp70.dll. For instance by placing them in the same directory as Msdds.dll or in the %windir%/system32 directory could expose Office XP customers to this issue.
Related PostsRelated Posts
- Internet Explorer 0-day (take 2 of the last few days...) The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML... Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch......
- Microsoft Releasing out of Cycle Patch for Internet Explorer Exploit Take a look at the official announcement. They've moved outside the usual update cycle for this one. VERY good move Microsoft to get this patch in before the holidays as it looks as though there's been a spike in the use of this particular exploit and with people doing a......
- Powerpoint vulnerability (August 2006) I'm having to make sure I put the date in the title of these posts now.... over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day.......
- Coin Grading 101 Coin grading is the process of assessing the value of a coin, an important practice for beginning coin collectors to learn. There are several factors to take into account when grading coins, namely their quality, rarity, interest, and liquidity. The higher the coin is on these scales, the more valuable......
- Microsoft Warns of SQL Attack SQL stands for Structured Query Language. SQL Attack is kind of Hacking attack. Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the......
- How To Remove Vista Internet Security 2011 Virus You may be the latest victim of Vista Internet Security 2011. This name-changing virus has the different version, but no matter what version you have, the issues are the equivalent. The cyberpunks who formulated this virus were quite professional to make the program dynamically change its name according to windows......
- Update on Internet Explorer Zero Day exploit
- Another update on the 0day Explorer exploit
- Massive Windows Update Tuesday
- Powerpoint vulnerability (August 2006)
- Microsoft August Updates