hey_moe
December 14th, 2008, 15:24
Microsoft (http://www.extremetech.com/topic/0,2944,t=Microsoft%20Corporation&s=27771,00.asp) has updated the security bulletin (http://www.microsoft.com/technet/security/advisory/961051.mspx) released last night for a new and serious Internet Explorer vulnerability (http://blogs.pcmag.com/securitywatch/2008/12/internet_explorer_7_targeted_b.php). Initially it appeared that the vulnerability was only in Internet Explorer 7 (http://www.extremetech.com/topic/0,2944,t=Microsoft%20Internet%20Explorer&s=27771,00.asp), but after further analysis it seems as if all currently-supported versions of IE are affected, including the betas of IE8.
The confusion may have come from the fact that the current attacks which brought the episode to light are IE7 specific. But further research shows that the underlying vulnerability is not.
Microsoft also added a number of new workarounds to the advisory. This list includes the old ones and the new ones:
- Set Internet and Local intranet security zone settings to "High"
- Disable Active Scripting or set IE to prompt for it
- Enable DEP (only hardware DEP will help)
- Use ACL to disable OLEDB32.DLL
- Unregister OLEDB32.DLL
- Disable Data Binding support in Internet Explorer 8
See the advisory for details on these workarounds. Does anyone else think that the bug is in OLEDB32.DLL?
On a separate note, a report from the Internet Storm Center (http://isc.sans.org/diary.html?storyid=5464) shows that the attack is being spread to Web sites through SQL injection attacks that have been popular among the malware set for some time.