Microsoft vulnerability whack-a-mole continues…..



Translation – Microsoft patched one vulnerability and another surfaces…. Incidents.org brings us the frustrating news….

If you remember the Month of Browser Bugs series of exploits back in July, there was a denial-of-service bug in it that appears to allow code execution after all. Coincidence or not, it got publicly released after the out-of-cycle Microsoft patch for MSIE.

So…. here are the possible workarounds….


Alternative browser – yeah, I saw the analysis showing that they have had vulnerabilities too. For the most part they’re different, and at this point I don’t know of major unpatched vulnerabilities. The bottom line is there seems to be a very active exploit campaign to keep IE unsafe for daily use – ok FINE, make THEM try to figure out which other browsers to attack….. Short term though it should provide you with a safer haven (AND IF you’re running Windows 98SE or ME…. that alternative browser is pretty much your best bet at this point outside of a true upgrade of the base Operating System.)

OK – you could disable ActiveX, but… you need to allow it for Windows Update. (And of course, you may need it for any variety of custom uses.) Killbits for this ActiveX control could be used…. {844F4806-E8A8-11d2-9652-00C04FC30871} and {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} (Incidents has prepared an application to take care of the killbit setting/unsetting for you here.) The affected DLL is webvw.dll.
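For anyone who wants to set the killbits by hand, here is an added example (not the Incidents.org tool and not code from the original post). It relies on the documented IE kill-bit mechanism, a `Compatibility Flags` DWORD of 0x400 under the `ActiveX Compatibility` key for each CLSID; the `-Action` parameter and output fields are this example's own names.

```powershell
# Added example: check, set or clear the kill bit for the two CLSIDs named in the post.
# Run from an elevated prompt, e.g.  .\killbit.ps1 -Action Set   (script name is hypothetical)
param(
    [ValidateSet('Check', 'Set', 'Clear')]
    [string]$Action = 'Check'
)

$KillBit = 0x400   # "Compatibility Flags" bit that tells IE never to instantiate the control
$Clsids  = '{844F4806-E8A8-11d2-9652-00C04FC30871}',
           '{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}'
# 32-bit IE on 64-bit Windows reads the Wow6432Node copy, so both views are handled.
$Roots   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # Wow6432Node is absent on 32-bit Windows
    foreach ($clsid in $Clsids) {
        $key   = Join-Path $root $clsid
        $flags = 0
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }
        switch ($Action) {
            'Set' {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                # OR the bit in so any other compatibility flags already present survive.
                $flags = $flags -bor $KillBit
                Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
            }
            'Clear' {
                if (Test-Path $key) {
                    # Remove only the kill bit; leave the key and other flags in place.
                    $flags = $flags -band (-bnot $KillBit)
                    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
                }
            }
        }
        # One row per key so the result can be reviewed or exported for an audit.
        [pscustomobject]@{ Key = $key; Flags = '0x{0:X}' -f $flags; Killed = [bool]($flags -band $KillBit) }
    }
}
```

Restart Internet Explorer after setting the bits, and run with `-Action Check` afterwards to confirm `Killed` is `True` in every row.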

As always, keep the antivirus updated, and be cautious with links from unknown/unexpected/untrusted sources. (Email links might be designed to entice you to a page that would exploit this for example.)

Anyone care to take bets that we’ll see another 0-day released within 3 days of October 10?

What all of this means (outside of the fact that Explorer has many problems…) is that there are those that distribute spyware and adware and keyloggers that DON’T want to go away quietly. There are a lot of people making big money with sneak adware installs, probably from keylogger aggregations, etc. Until the economics of that is “attacked” and their costs driven up to where it’s not worth the risk, then I suspect the flood will not end. The incentive is not that there are software vulnerabilities. The incentive is that people can make money from them.

–update 10/1/06–
F-Secure has info on this too.

AND Incidents.org is at “yellow alert” as an exploit for this has been seen in the wild. – workarounds as of right now are up-to-date antivirus, the above-mentioned killbits and possible alternative browsers – although there’s a current zero-day against Firefox to keep in mind…. (no exploits in the wild have been reported yet on THAT one.)

Unofficial patches for this are available as well. As usual, unofficial patches are not officially recommended…. (that makes sense..)

–update 10/2/06–
The SecurityFix tells us that Microsoft is now warning about the setslice vulnerability, ANOTHER IE vulnerability and the PowerPoint issue that’s been covered here among other places. It’s certainly a busy week for incident response….

One note that Brian brings us is a suggestion to move to IE7 which so far has proven resistant to these recent Internet Explorer flaws.
