New vulnerability in IE

[Lisandro]

Have you or antone else tried it (windizupdate) Bob ?

Works perfectly for me 

[polonus]

Hi Bob,

I think there must be a reason for you too, Bob, to use GreenBrowser in stead of the default embedded one.
It is like David says here, compromise the browser & you have compromised the OS, at least with IE. Good that MS did not hand out the information to alternate browsers to do the same.
To have a browser when it is such an important posible vehicle for malware vectors build in that deep as an integral part of the OS, is not a thing you do when you have security as a first priority.
Why does not MS come up with a new platform that is really lite, and only carries the OS, there would be a lot of vulnerabilities less to guess at.

polonus

[CharleyO]

***

Yes, I must agree that the internet browser (whatever it is called ... IE, FF, Flock, etc) should not be built into the operating system. I also think that the browser should not be so closely "related" to Windows Explorer. Why, after all this time and multiple problems, MS continues with this is beyond me.       


***

[DavidR]

Have you or antone else tried it (windizupdate) Bob ?

Works perfectly for me 

I just tried to install the same driver update and it failed again but I got a little more information this time, a missing file, "unable to load UPD62INT.DLL -- file not found?" So I will uninstall the plug-in and try again later.

[YLAP]

Latest info from http://isc.sans.org (INFOCon globe in Firefox just went yellow)

IE exploit on the loose, going to yellow (NEW)
Published: 2006-03-23,
Last Updated: 2006-03-23 20:18:59 UTC by Jim Clausing (Version: 1)

Folks, as Lorna predicted yesterday, it didn't take long for the exploits to appear for that IE vulnerability.  One has been making the rounds that pops the calculator up (no, I'm not going to point you to the PoC code, it is easy enough to find if you read any of the standard mailing lists), but it is a relatively trivial mod to turn that into something more destructive (in fact, one of our readers has provided us with a version that he created that is more destructive).  For that reason, we're raising Infocon to yellow for the next 24 hours.

[polonus]

Hi Ylap,

Thanks for that link to our Lithuanian friend.
They say in the article that locking down the computer may protect against this vulnerability. I like this confirmed. Read: http://www.eweek.com/article2/0,1759,1891447,00.asp
Read more here:
http://www.securityfocus.com/archive/1/427904/30/0/threaded
Stay malware free Ylap,

polonus

[Dwarden]

simple blocking .hta in Avast! webshield should work fine ...

that's similar to .wmf trick

[polonus]

Hi Dwarden,

Good analytical thought, and when the patch is there you can uncheck it again. But isn't it striking that the same holes come up again and again, like in a concert they are variations on the same theme. With IE it is a bit like "Peter and the Wolf".

polonus

[FreewheelinFrank]

More like Whack A Mole:

http://www.bobsspaceracers.com/frames/playagame.htm

http://www.flashradium.com/Htmdocs/Games/FlashFiles/WhackGame.swf

[YLAP]

Latest info from http://isc.sans.org (INFOCon globe in Firefox just went yellow)

IE exploit on the loose, going to yellow (NEW)
Published: 2006-03-23,
Last Updated: 2006-03-23 20:18:59 UTC by Jim Clausing (Version: 1)

Folks, as Lorna predicted yesterday, it didn't take long for the exploits to appear for that IE vulnerability.  One has been making the rounds that pops the calculator up (no, I'm not going to point you to the PoC code, it is easy enough to find if you read any of the standard mailing lists), but it is a relatively trivial mod to turn that into something more destructive (in fact, one of our readers has provided us with a version that he created that is more destructive).  For that reason, we're raising Infocon to yellow for the next 24 hours.

Update: At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights... here are the results:

Software-based DEP protecting core Windows programs: sploit worked
Software-based DEP protecting all programs: sploit worked
DropMyRights, config'ed to allow IE to run (weakest form of DropMyRights protection): sploit worked
Active Scripting Disabled: sploit failed

So, go with the last one, if you are concerned.  By the way, you should be concerned.

[polonus]

Hi forum folks,

Here is the evidence that ActiveX-scripting is at the base of this problem. I would say again. http://securitytracker.com/alerts/2006/Mar/1015812.html

polonus

[Mastertech]

The simplest solution is to install IE 7 Beta 2 refresh Build 5335.5. It is not vulnerable to this exploit - Download.

You have to uninstall the old BETA 2 first if you have that installed.

[neal62]

IMHO the simplest step in this case is to NOT use the Beta of I.E. 7 period. Just wait until they come out with a finished product. Maybe by then they will get things right for us their bread and butter. 

[TedNelly]

IMHO the simplest step in this case is to NOT use the Beta of I.E. 7 period. Just wait until they come out with a finished product. Maybe by then they will get things right for us their bread and butter. 

That'll be the day Neal hell they haven't had much practice at it have they mate??

[Mastertech]

That makes absolutely no sense. The latest IE 7 Beta is the only version of IE that is NOT affected by this vulnerability? Not to mention IE 7's interface is 100 times better than IE 6, you can easily uninstall it if you don't want it.