Zeroday Internet Explorer vulnerability update



The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended periods. They also have noted that Microsoft has updated their advisory.


Below is their summary of the details.

Following statements are summary of updated information.
The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.

The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.

Microsoft Office 2003 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Access 2003 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Visual Studio 2003 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. However, its only in a vulnerable configuration if VS runtime library files are in the search path for Internet Explorer. These files are Msvcr70.dll and Msvscp70.dll. For instance by placing them in the same directory as Msdds.dll or in the %windir%/system32 directory could expose Office XP customers to this issue.

Related Posts

Blog Traffic Exchange Related Posts
  • Powerpoint vulnerability (August 2006) I'm having to make sure I put the date in the title of these posts now.... over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day.......
  • 7 Updates coming from Microsoft in July We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It's expected that we'll see an update for the Excel issues......
  • Out of Cycle Windows Update - Patch Today Yesterday news broke of an out of cycle security patch for Windows. The bulletin is available from Microsoft. Apparently the vulnerability was in the Windows Server service (XP, 2003, 2000, 2008, Vista ALL affected though regardless of server/workstation/client/desktop/etc...). The RPC handling (remote procedure call) is the achilles heel this time......
Blog Traffic Exchange Related Websites
  • Microsoft ships Windows 7 SP1 and Windows Server 2008 R2 SP1 Microsoft has released the Service Pack 1 (SP1) update for Windows 7 and Windows Server 2008 R2. The update is available via the Microsoft's Update Center or Windows Update. The service pack releases add to the performance improvements and security enhancements to the existing versions of corresponding operating systems. Below......
  • Ruin Your Credit Fast, pt 2 Granted, there are a wide variety of different ways that you can ruin your credit over time, but do you want to know what the quickest and most dangerous ways are? Here are five ways that you can quickly and effectively destroy your credit. Continued from Part 1 By taking......
  • Microsoft Warns of SQL Attack SQL stands for Structured Query Language. SQL Attack is kind of Hacking attack. Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site