There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (2 vulnerabilities) and Internet Explorer (2 vulnerabilities here as well). Proof of Concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it won’t be long before it’s bundled into other malware delivery structures…. You might look at alternative browsers, BUT…. be forewarned that one of these vulnerabilities appears to work on a fully patched install of Mozilla Firefox. (According to SANS – the Secunia code doesn’t – but the full disclosure exploit code does affect Firefox.) I’ve seen word of early 1.5.0.5 builds being available – I wonder if that will be modified to fix this issue?
Tag: internet explorer
-
Big Windows June update day
Updates for Windows for the month of June are out today and it looks like some list! 12 updates covering 20 or more vulnerabilities. MANY of these are tagged as critical. (Critical vulnerabilities are those considered remotely exploitable, or exploitable with little (or no) user interaction.) SANS has a good listing of the advisories. This month it is a bit much to track in one big wallop… but I’ll try to give a summary here.
-
Microsoft June Patch Cycle heads up
It’s about that time again folks…. Monthly Microsoft patch cycle – June patches will be released on the 13th (next Tuesday) and it looks like a big batch. There should be 12 patches this time and at least one of the Windows updates is Critical and at least one of the Office updates is critical. It’s widely expected that an update will be released for the Word vulnerability that’s been talked about previously here. Also, there will be a change in the ActiveX behavior in Internet Explorer. That change had been scheduled to come out a few months back, but was postponed.
-
Firefox 1.5.0.4 out….
I haven’t seen news of this yet, just found it on Mozilla.com, but the 1.5.0.4 release of Firefox seems to have been released sometime today. (1.5.0.4 of Thunderbird was announced earlier today.) I don’t know how quick Google is at directing to the new version of Firefox, but I’ll include a link in this message for those of you that don’t have it…. Firefox is a very nice customizable, free (open source) web browser that I’ve found many people prefer to Internet Explorer for a number of reasons….
-
Circuit City Support forum serving up trojan….
Embarrassing…. and a big pain in the neck for any of their visitors… It seems as though if you’ve visited Circuit City’s Support Forum with an unpatched Internet Explorer, you likely have a trojan/backdoor of some sort on your PC. (Assuming Explorer hasn’t been patched since January. In reality – if you haven’t updated Explorer since then, there are likely SEVERAL backdoors. Call someone to work on it….)
-
Windows Automatic Updates now checking Genuine Advantage…
According to ibnlive.com, starting today (June 1st) Microsoft will be utilizing their Genuine Advantage check through the Automatic Update feature. Up until now, you have only been prompted for the Genuine Advantage check when visiting the Windows Update site directly. (I can only assume the Genuine Advantage check is the method the article speaks of to verify if you have a licensed copy of Windows.) Essentially, they say they will not be taking details like name/address, but they will nag you that you have a pirated copy of Windows and updates will not be available.
-
Google Wins Bidding War for Dell Desktop Placement
Google has apparently won a pricey bidding war in the race to have their software bundled with new Dell PCs over the next 3 years. Essentially, I suspect this means Google Desktop (perhaps Google Pack?) will be preinstalled, as well as browser settings adjusted to make a Google-ified search page the default and probably Google as the default search provider for the browser. They apparently dug in their heels and were determined to win the bidding after seeing the built-in search box in IE7, which is in Beta….
-
Wow, impressive comment spam storm
But perhaps you are not as powerful as the emperor has foreseen…. I just skimmed the stats and saw an abnormal spike in traffic over the last hour, so being curious…. I checked the server logs and saw trackback post after trackback post, all different Internet Explorer versions. It doesn’t seem to be the same IP address repeating, but several. (Could it be a botnet?) Anyway, not much time here to investigate on that. Fortunately though, the trackback spam defending Jedi Akismet has been holding its own quite well with the onslaught. This is frankly the biggest trackback spam storm I’ve seen EVER, which makes me curious as to why I came up on the radar…
-
Quickbooks “An error has occurred in the script on this page”
I ran into an install of Quickbooks Pro 2005 that was having a peculiar problem. When any company file was opened I was seeing an Internet Explorer Script Error message. (Quickbooks uses Internet Explorer to parse the company page, usually C:\Program Files\Intuit\Quickbooks\Components\Pages\Comppage.qpg.) The error basically said “An error has occurred in the script on this page”; it gave a line and char number and there were three different Error: messages. One was Object Required and another was Class not registered. This is a Windows XP Pro system with all current updates for Windows AND Quickbooks.
-
3 Critical Microsoft Updates, 1 Important, 1 Moderate and 1 re-released
Looks like an interesting patch day. Looks like there are several bugs covered by the cumulative IE patch… SANS has a good writeup (7 CVE issues addressed by this 1 patch….) Also the Eolas ActiveX settlement (“Eolas Patent Patch”) solution seems to be included in this bundle. Also an MDAC and a Windows Explorer (not to be confused with the Internet Explorer) patch. (The Windows Explorer AND MDAC bugs are Remote code execution vulnerabilities…)