Author Topic: Microsoft Advisory 917077  (Read 4946 times)


hlecter

  • Guest
Microsoft Advisory 917077
« on: April 01, 2006, 12:26:55 AM »
This is NOT an April Fools Joke:

Link to Advisory from MS:

http://www.microsoft.com/technet/security/advisory/917077.mspx

Excerpt:
As of the latest update to this Advisory the following members of the Virus Information Alliance have indicated that their antivirus software provides protection from exploitation of the vulnerability discussed in this advisory.
• Symantec
• Computer Associates
• McAfee
• F-Secure Corporation
• Panda Software International
• Aladdin
• Sophos
• Eset Software
• Trend Micro
• Norman
• Kaspersky

As currently known attacks can change, the level of protection offered by antivirus vendors at any time may vary. Customers are advised to contact their preferred antivirus vendor with any questions they may have or to confirm additional information regarding their vendor’s method of protection against exploitation of this vulnerability.

I am missing a name from the list....

Link to Secunia's Advisory:

http://secunia.com/advisories/18680/


I have switched to Opera, but I suppose a couple of persons are still using IE.  :)
HL


« Last Edit: April 01, 2006, 10:10:27 AM by hlecter »

hlecter

Re: Microsoft Advisory 917077
« Reply #1 on: April 01, 2006, 10:14:12 AM »
Can't be joking all day long.  ;D

HL

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Microsoft Advisory 917077
« Reply #2 on: April 01, 2006, 11:15:07 AM »
You should be safe with avast as well. We don't have a generic protection against this (yet) [and frankly, I'd say most of the vendors you listed don't have it as well] - but we're monitoring the situation and adding signatures... As a matter of fact, the situation is not as serious as it could be (it's e.g. much better than in the case of the WMF exploit discovered in December 2005).


FYI Avast is not on that list because we're not members of the Microsoft VIA...


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

hlecter

Re: Microsoft Advisory 917077
« Reply #3 on: April 01, 2006, 11:39:41 AM »
Vlk,

Thanks for the reply. Always good to get a serious and honest reply.  :)

As I said, I switched to Opera and I turn off active scripting in IE if I need to use it, so I feel safe.

I have been monitoring a couple of POC sites and I must admit I was a bit disappointed when Avast didn't get it. (And more and more AVs do.)  :-[

Let's hope MS get the patch ready. That's the final solution anyway.

HL

hlecter

Re: Microsoft Advisory 917077 Very serious vulnerability
« Reply #4 on: April 03, 2006, 12:58:11 PM »
Was very glad to see this today:

03.04.2006 - 0614-0

JS:Exploit-CVE2006-1359,.........

because this is what I asked for and that (almost) all other vendors take care of by now.

But still a bit disappointed when going to a POC at DSL-reports security forum:

http://<removed for security reasons by me.htm>

No alerts from Avast at all.  :'(

A bit misleading I think.   :'(

Here is the link to Secunia Advisory:

http://secunia.com/advisories/18680/

Please look at how dangerous this exploit is and that the CVE-reference in the advisory is identical to the CVE-reference posted above.
HL

« Last Edit: April 03, 2006, 01:02:24 PM by hlecter »

Offline Vlk

Re: Microsoft Advisory 917077
« Reply #5 on: April 03, 2006, 01:36:39 PM »
It's as always with proof-of-concept stuff. You can't judge the detection of the REAL THING according to the detection of the POC...

As I've said, there's no generic detection of this built in to avast (yet) but the malicious pages out there should still be blocked...

hlecter

Re: Microsoft Advisory 917077
« Reply #6 on: April 03, 2006, 01:53:15 PM »
Vlk,

ok, but people judge from what they see and that is hopefully a POC and NOT the REAL THING.

Difficult to test with the REAL THING.

Why not put in a detection for this POC also? Do you need the link?

Offline Vlk

Re: Microsoft Advisory 917077
« Reply #7 on: April 03, 2006, 02:13:34 PM »
Why not, please send it (them?) to virus@avast.com, hopefully the virus lab guys will agree with you (I do ;)).

Thanks
Vlk

hlecter

Re: Microsoft Advisory 917077
« Reply #8 on: April 03, 2006, 02:55:34 PM »
Vlk, done, with a copy to you.

I suppose we'll have to wait an hour or two.

HL

hlecter

Re: Microsoft Advisory 917077
« Reply #9 on: April 04, 2006, 06:33:53 PM »
Just a little feedback:

The 0614-1, released 04.04.2006 took care of the POC-site I submitted.

Let's hope it takes care of the real threat as well.  :-\

Probably still a week to go before MS releases the final solution.

Thanks for the response.

HL

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Microsoft Advisory 917077
« Reply #10 on: April 05, 2006, 10:35:59 AM »
Vlk, regarding that VIA membership, or let's say lack of it from ALWIL's side...
It's the question of money right? Most of such stuff is usually... no wonder small companies can't afford such stuff in all places...
Visit my webpage Angry Sheep Blog

Offline Vlk

Re: Microsoft Advisory 917077
« Reply #11 on: April 05, 2006, 06:12:25 PM »
I wouldn't say it's about money, it's more like we're not really interested. :)

I mean, VIA is a group inside Microsoft whose responsibility is to inform MS users about current threats. Since Microsoft is starting its own AV business, I don't see a reason why 3rd party companies should cooperate with Microsoft on this...

It's more like a marketing thing; but I'd say many companies will actually drop their VIA membership after they start feeling offended by Microsoft's competitive offerings. ;)

Offline RejZoR

Re: Microsoft Advisory 917077
« Reply #12 on: April 06, 2006, 01:38:13 AM »
Yes, that indeed makes sense...