
HTML Forum

This 40 message thread spans 2 pages: 1 [2]
New IE Attack Expected - Pre-Patch Workaround Issued
tedster




msg:563480
 5:40 am on Aug 19, 2005 (gmt 0)


Looks like a big storm is aiming straight for Internet Explorer, and Microsoft is scrambling to help users protect their systems.

Microsoft late Thursday issued an advisory with pre-patch workarounds to counter the public release of a zero-day exploit targeting users of its Internet Explorer browser...

There is no patch available for the vulnerability and, because exploit code has already been released, incident handlers at the SANS ISC (Internet Storm Center) believe a widespread attack is very likely...

In the absence of a patch, the company has published detailed workarounds and mitigation guidance [microsoft.com] to help block known attack vectors.

eWeek Article: http://www.eweek.com/article2/0,1759,1849948,00.asp?kc=EWRSS03129TX1K0000610


 

kaled




msg:563510
 6:20 pm on Aug 20, 2005 (gmt 0)

So, you can have a UNIX environment without a case-sensitive file-system if you so choose.

Yes, I saw a unix clone (Xenix maybe) demonstrated many years ago without case-sensitive filenames, but the fact remains, these OS designers think case-sensitivity is a good thing, and, most certainly, it is not.

</offtopic>

Kaled.

xxxxxpp




msg:563511
 9:40 pm on Aug 20, 2005 (gmt 0)

This is the drop. I now officially (finally) changed to Firefox. Just migrated my bookmarks, so I'm set.

bye IE :)

twist




msg:563512
 11:37 pm on Aug 20, 2005 (gmt 0)

bye IE

Microsoft wouldn't make it that easy; for starters, Windows Update will only work with IE. A few places like legal movie streaming sites won't work with anything but IE either (DRM). That and the unskilled developers, including many government sites, that won't render properly unless you use IE.

My suggestion is to install the 'IE View' extension for Firefox. That way if you run across one of these defunct sites you can still view the page in IE.

bedlam




msg:563513
 2:57 am on Aug 21, 2005 (gmt 0)

That and the unskilled developers, including many government sites, that won't render properly unless you use IE.

[slightly OT]
Y'know, I hear this a lot, but in more than a year of using Firefox/Opera exclusively (and mostly using Mozilla based browsers for some months before that) for all internet browsing, banking and shopping, I have yet to encounter one of these works-only-in-IE sites.

I don't doubt that they're out there, but I'm just not seeing them. Anyone want to sticky me a few examples?
[/slightly OT]

-B

twist




msg:563514
 3:43 am on Aug 21, 2005 (gmt 0)

Official Washington State tourism website, it's a good example so I hope it's not against TOS.

[experiencewashington.com...]

jdMorgan




msg:563515
 4:04 am on Aug 21, 2005 (gmt 0)

Herenvardo,

Yeah, you're right. I think it's just that the registry is *so complicated* that users can't be trusted; they might click on the .reg file wrong... You know, click too hard and knock the bits loose or something.

FixIE-MSddsDLL.reg:
REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}]
"Compatibility Flags" = dword:00000400


The above code may wrap on small screens; the [] characters and everything within them must all be on one line or bad things may happen. Include three blank lines as shown. Use at your own risk. Create a restore point before proceeding, yadda, yadda.

Ref:
[microsoft.com...]
[support.microsoft.com...]

MS seems to enjoy making things harder than they need to be...

Jim

webdevsf




msg:563516
 8:07 pm on Aug 21, 2005 (gmt 0)

Does no one read anymore? Or do we just see red at any post that says "IE Flaw"?

How many of you out there are using VS 2002 without a service pack?

I'd guess, almost none.

This is barely even newsworthy.

Mitigating Factors:

The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in Windows.

The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.

Customers who do not have Msdds.dll on their systems are not affected by this vulnerability.

The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.

Customers who use Microsoft Office 2003 are not affected by this vulnerability.

Customers who use Microsoft Access 2003 are not affected by this vulnerability.

Customers who use Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. See Frequently Asked Question I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability? for additional details.

Customers who use Microsoft Access 2002 Service Pack 3 are not by default affected by this vulnerability. See Frequently Asked Question I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability? for additional details.

Customers who use Microsoft Visual Studio 2003 are not affected by this vulnerability.

Customers who use Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability.
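
As an added example (not part of any post in this thread, and not Microsoft's code), the Python below combines the kill-bit .reg entry posted earlier with the Msdds.dll version list quoted above to classify a host, including the case where the bracketed key line has wrapped. The function names, the result strings and the treatment of every version at or above 7.0.9955.0 as fixed are assumptions of this example.

```python
import re

# CLSID and key path copied from the .reg file posted above.
MSDDS_CLSID = "{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}"
COMPAT_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
              "\\ActiveX Compatibility\\")
KILL_BIT = 0x400
AFFECTED = {(7, 0, 9064, 9112), (7, 0, 9446, 0)}  # versions listed in the thread
FIXED_FROM = (7, 0, 9955, 0)  # assumption: anything at or above this is fixed

def kill_bit_set(reg_text, clsid=MSDDS_CLSID):
    """True if the .reg text sets the kill bit (0x400) for clsid."""
    wanted, current = (COMPAT_KEY + clsid).lower(), None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A key header must open and close on one line; a wrapped
            # header is ignored, so its values are never credited.
            current = line[1:-1].lower() if line.endswith("]") else None
            continue
        m = re.match(r'"Compatibility Flags"\s*=\s*dword:([0-9a-f]{8})$',
                     line, re.I)
        if m and current == wanted:
            return bool(int(m.group(1), 16) & KILL_BIT)
    return False

def assess(msdds_version, reg_text):
    """Classify a host from its Msdds.dll version (None if absent) and .reg text."""
    if msdds_version is None:
        return "not affected: Msdds.dll absent"
    ver = tuple(int(p) for p in msdds_version.split("."))
    if ver >= FIXED_FROM:
        return "not affected: fixed version"
    if kill_bit_set(reg_text):
        return "mitigated: kill bit set"
    return "EXPOSED" if ver in AFFECTED else "unlisted version, no kill bit"

# Constructed samples: the posted entry, and the same entry with the key wrapped.
GOOD_REG = ("REGEDIT4\n\n[" + COMPAT_KEY + MSDDS_CLSID + "]\n"
            '"Compatibility Flags" = dword:00000400\n')
WRAPPED_REG = GOOD_REG.replace("Compatibility\\", "Compatibility\\\n")

if __name__ == "__main__":
    for ver, reg in [("7.0.9446.0", GOOD_REG), ("7.0.9446.0", WRAPPED_REG),
                     ("7.10.3077.0", ""), (None, "")]:
        print(ver, "->", assess(ver, reg))
```

The parser accepts the value line with or without spaces around the equals sign, so it reads both the file as posted and a registry export passed in as decoded text.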

Leosghost




msg:563517
 11:43 pm on Aug 21, 2005 (gmt 0)

MS shills come and go ..the fact remains the OS is flaky..and the customer service for the non English language OS users is nonexistent ..

Leosghost




msg:563518
 12:29 am on Aug 22, 2005 (gmt 0)

And that MS currently has 4 ..yes 4 ..known ..( to themselves holes in the OS that can be exploited ..see their own security section ) plus this one ..and not one of their patches works on other than English versions of the affected OS's ( but they send all other language users to the English language patches anyway for the downloads of the supposed cures )..."run em and weep!"

ps ..580kb ( each current Eng patch size..c'mon!) is damn near the size of an OS ..not a patch )...code bloat or obfuscation ..as jim says / hints ..

<google "shaddock">

Open message to ..Redmond ..Why not just mark " please do not use regedit ..the .dlls are not too tightly attached"..?

I'll lay money that within 5/10 years max only the PRO version of the "doze of the moment" will be shipped with regedit ( or its successor ) enabled ..

The rest will say something like "please refer to microsoft agreed service center for all problems with your system no user serviceable components inside" or " ya didn't enable auto update ..so sit on it!" ..with of course the smiley ..and using the MS text to speech engine in "mary in space" mode..

keyplyr




msg:563519
 12:33 am on Aug 22, 2005 (gmt 0)


...but in more than a year of using Firefox/Opera exclusively... I have yet to encounter one of these works-only-in-IE sites.

Try [windowsupdate.microsoft.com...]

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved