New IE Attack Expected - Pre-Patch Workaround Issued

     
5:40 am on Aug 19, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0



Looks like a big storm is aiming straight for Internet Explorer, and Microsoft is scrambling to help users protect their systems.

Microsoft late Thursday issued an advisory with pre-patch workarounds to counter the public release of a zero-day exploit targeting users of its Internet Explorer browser...

There is no patch available for the vulnerability and, because exploit code has already been released, incident handlers at the SANS ISC (Internet Storm Center) believe a widespread attack is very likely...

In the absence of a patch, the company has published detailed workarounds and mitigation guidance [microsoft.com] to help block known attack vectors.

eWeek Article: http://www.eweek.com/article2/0,1759,1849948,00.asp?kc=EWRSS03129TX1K0000610

6:20 pm on Aug 20, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


So, you can have a UNIX environment without a case-sensitive file-system if you so choose.

Yes, I saw a unix clone (Xenix maybe) demonstrated many years ago without case-sensitive filenames, but the fact remains, these OS designers think case-sensitivity is a good thing, and, most certainly, it is not.

</offtopic>

Kaled.

9:40 pm on Aug 20, 2005 (gmt 0)

Junior Member

joined:Sept 23, 2004
posts:119
votes: 0


This is the drop. I now officially (finally) changed to firefox. Just migrated my bookmarks, so I'm set.

bye IE :)

11:37 pm on Aug 20, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 8, 2004
posts:865
votes: 0


bye IE

Microsoft wouldn't make it that easy, for starters windows update will only work with IE. A few places like legal movie streaming sites won't work with anything but IE either (DRM). That and the unskilled developers, including many government sites, that won't render properly unless you use IE.

My suggestion is to install the 'IE View' extension for firefox. That way if you run across one of these defunct sites you can still view the page in IE.

2:57 am on Aug 21, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 30, 2003
posts:728
votes: 0


That and the unskilled developers, including many government sites, that won't render properly unless you use IE.

[slightly OT]
Y'know, I hear this a lot, but in more than a year of using Firefox/Opera exclusively (and mostly using Mozilla based browsers for some months before that) for all internet browsing, banking and shopping, I have yet to encounter one of these works-only-in-IE sites.

I don't doubt that they're out there, but I'm just not seeing them. Anyone want to sticky me a few examples?
[/slightly OT]

-B

3:43 am on Aug 21, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 8, 2004
posts:865
votes: 0


Official Washington State tourism website, it's a good example so I hope it's not against TOS.

[experiencewashington.com...]

4:04 am on Aug 21, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Herenvardo,

Yeah, you're right. I think it's just that the registry is *so complicated* that users can't be trusted; they might click on the .reg file wrong... You know, click too hard and knock the bits loose or something.

FixIE-MSddsDLL.reg:

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}]
"Compatibility Flags"=dword:00000400


The above code may wrap on small screens; the [] characters and everything within them must all be on one line or bad things may happen. Include three blank lines as shown. Use at your own risk. Create a restore point before proceeding, yadda, yadda.

Ref:
[microsoft.com...]
[support.microsoft.com...]

MS seems to enjoy making things harder than they need to be...

Jim
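
An offline check for the setting in the post above, added here as an example (it is not part of the original post and not Microsoft's code): it reads .reg text, such as the file itself or a `reg export` of the key, and reports whether the 0x400 Compatibility Flags bit (the ActiveX kill bit) is present for that CLSID, and it flags the wrapped-key-line problem the post warns about. The function name `check_reg_text` and the sample strings are constructed for illustration.

```python
import re

# CLSID, key path and flag value are the ones in the .reg file posted above.
CLSID = "{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}"
ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
        r"\ActiveX Compatibility" "\\")
KILL_BIT = 0x00000400
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^"Compatibility Flags"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def check_reg_text(text, clsid=CLSID):
    """Classify .reg text as 'kill-bit-set', 'kill-bit-missing' or 'malformed'."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        return "malformed", "missing .reg header line"
    wanted = (ROOT + clsid).lower()      # registry key names are case-insensitive
    current_key = None
    result = ("kill-bit-missing", "no Compatibility Flags value for the CLSID")
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.startswith("["):
            if not line.endswith("]"):         # the wrapping problem the post warns about
                return "malformed", f"line {number}: key name is split across lines"
            current_key = line[1:-1].lower()
            continue
        match = VALUE_RE.match(line)
        if match and current_key == wanted:
            flags = int(match.group(1), 16)
            state = "kill-bit-set" if flags & KILL_BIT else "kill-bit-missing"
            result = (state, f"Compatibility Flags = 0x{flags:08x}")
    return result

# Constructed sample inputs (not captured from a real system).
KEY = "[" + ROOT + CLSID + "]"
POSTED = "REGEDIT4\n\n\n" + KEY + '\n"Compatibility Flags"=dword:00000400\n\n\n'
WRAPPED = "REGEDIT4\n\n" + KEY[:70] + "\n" + KEY[70:] + '\n"Compatibility Flags"=dword:00000400\n'
OTHER_BIT = "REGEDIT4\n\n" + KEY + '\n"Compatibility Flags"=dword:00000020\n'

if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("wrapped", WRAPPED), ("other bit", OTHER_BIT)):
        print(name, check_reg_text(sample))
```

The check tests the bit rather than the whole value, so a key that already carries other compatibility flags alongside 0x400 still counts as set.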

8:07 pm on Aug 21, 2005 (gmt 0)

Full Member

10+ Year Member

joined:Dec 6, 2002
posts:279
votes: 0


Does no one read anymore? Or do we just see red at any post that says "IE Flaw".

How many of you out there are using VS 2002 without a service pack?

I'd guess, almost none.

This is barely even newsworthy.

Mitigating Factors:

The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in Windows.

The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.

Customers who do not have Msdds.dll on their systems are not affected by this vulnerability.

The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.

Customers who use Microsoft Office 2003 are not affected by this vulnerability.

Customers who use Microsoft Access 2003 are not affected by this vulnerability.

Customers who use Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. See Frequently Asked Question I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability? for additional details.

Customers who use Microsoft Access 2002 Service Pack 3 are not by default affected by this vulnerability. See Frequently Asked Question I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability? for additional details.

Customers who use Microsoft Visual Studio 2003 are not affected by this vulnerability.

Customers who use Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability.

11:43 pm on Aug 21, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


MS shills come and go ..the fact remains the OS is flaky..and the customer service for the non English language OS users is nonexistent ..

12:29 am on Aug 22, 2005 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


And that MS currently has 4 ..yes 4 ..known ..( to themselves holes in the OS that can be exploited ..see their own security section ) plus this one ..and not one of their patches works on other than English versions of the affected OS's ( but they send all other language users to the English language patches anyway for the downloads of the supposed cures )..."run em and weep!"

ps ..580kb ( each current Eng patch size..c'mon!) is damn near the size of an OS ..not a patch )...code bloat or obfuscation ..as jim says / hints ..

<google "shaddock">

Open message to ..Redmond ..Why not just mark " please do not use regedit ..the .dlls are not too tightly attached"..?

I'll lay money that within 5/10 years max only the PRO version of the "doze of the moment" will be shipped with regedit ( or its successor ) enabled ..

The rest will say something like "please refer to microsoft agreed service center for all problems with your system no user serviceable components inside" or " ya didn't enable auto update ..so sit on it!" ..with of course the smiley ..and using the MS text to speech engine in "mary in space" mode..

12:33 am on Aug 22, 2005 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8289
votes: 331



...but in more than a year of using Firefox/Opera exclusively... I have yet to encounter one of these works-only-in-IE sites.

Try [windowsupdate.microsoft.com...]

This 40 message thread spans 2 pages: 40
 
