Microsoft vulnerability whack-a-mole continues…..



Translation – Microsoft patched one vulnerability another surfaces…. Incidents.org brings us the frustrating news….

If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released after the out of cycle Microsoft patch for MSIE.

So…. here are the possible workarounds….


Alternative browser – yeah I saw the analysis showing that they have had vulnerabilities too. For the most part they’re different and at this point I don’t know of major unpatched vulnerabilities, the bottom line is there seems to be a very active exploit campaign to keep IE unsafe for daily use – ok FINE make THEM try to figure out which other browsers to attack….. Short term though it should provide you with a safer haven (AND IF you’re running Windows 98SE or ME…. that alternative browser is pretty much your best bet at this point outside of a true upgrade of the base Operating System.)

OK – you could disable activeX, but… you need to allow it for Windows update. (And of course, you may need it for any variety of custom uses.) Killbits for this activeX control could be used….{844F4806-E8A8-11d2-9652-00C04FC30871} and {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} (Incidents has prepared an application to take care of the killbit setting/unsetting for you here. The affected dll is webvw.dll

As always, keep the antivirus updated, and be cautious with links from unknown/unexpected/untrusted sources. (Email links might be designed to entice you to a page that would exploit this for example.)

Anyone care to take bets that we’ll see another 0-day released within 3 days of October 10?

What all of this means (outside of the fact that Explorer has many problems…) is that there are those that distribute spyware and adware and keyloggers that DON’T want to go away quietly. There are a lot of people making big money with sneak adware installs, probably from keylogger aggregations, etc. Until the economics of that is “attacked” and their costs driven up to where it’s not worth the risk, then I suspect the flood will not end. The incentive is not that there are software vulnerabilities. The incentive is that people can make money from them.

–update 10/1/06–
f-secure has info on this too.

AND Incidents.org is at “yellow alert” as an exploit for this has been seen in the wild. – workarounds as of right now are, up-to-date antivirus, the above mentioned killbits and possible alternative browsers – although there’s a current zero-day against firefox to keep in mind…. (no exploits in the wild have been reported yet on THAT one.)

Unofficial patches for this are available as well. As usual, unofficial patches are not officially recommended…. (that makes sense..)

–update 10/2/06–
The SecurityFix tells us that Microsoft is now warning about the setslice vulnerability, ANOTHER IE vulnerability and the Powerpoint issue that’s been covered here among other places. It’s certainly a busy week for incident response….

One note that Brian brings us is a suggestion to move to IE7 which so far has proven resistant to these recent Internet Explorer flaws.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft's priorities... I didn't really think of this in context, but George Ou points out that Microsoft issued an "out of cycle" patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of......
  • Exploit in the wild for Apple vulnerability A couple days ago there was a release of Mac OS X 10.4.7 which addressed several security flaws. There is now an exploit published for one of these vulnerabilities. The attacker using this exploit could gain remote root (administrator) access to the machine. So, don't delay any further on patching.......
  • Microsoft Internet Explorer patches for unsupported OS versions (Windows 98 and ME) For starters, if you're using Windows 98 or ME still in a production system, you REALLY need to be looking at migration options and you should realize that the architecture of those systems is NOT conducive to a good secure platform. No XP isn't perfect, but it is an improvement......
Blog Traffic Exchange Related Websites
  • Closing Down a House for the Winter Whether you have a vacation home that will not be in use for the winter, or you will be gone from your home for an extended period of time this season, it is a good idea to properly close up your home for the winter. This is not difficult and......
  • US-CERT - Apple Releases Multiple Security Updates Apple Releases Multiple Security Updates Original release date: October 12, 2011 at 4:11 pm Last revised: October 12, 2011 at 4:11 pm Apple has released security updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4 to address multiple vulnerabilities. Exploitation of these vulnerabilities......
  • Conflicker - I mean, seriously If you don't already know, conflicker is a worm that exploits a buffer overflow in the windows server service.  The worm is wiley - there are several hundred variants and it is difficult to know how widespread it is.  You can find more info on the Wiki or on the......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site