Author Topic: Exploit for "Zero-Day" Vulnerability Detected by Microsoft  (Read 42020 times)

0 Members and 1 Guest are viewing this topic.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #15 on: April 02, 2007, 09:46:22 PM »
thanks marc57
Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update. But be sure to look for this update on or after Tuesday, April 3rd.-sure will-but will get the official update to be on the safe side ::)
click to make kiss a-little bigger ;D


Thanks for the pic. I think I'll wait until tomorrow, I'm running I.E. in protected mode and have Windows Mail set for text only so I think I'll be OK. (hope)
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

drhayden1

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #16 on: April 02, 2007, 09:49:03 PM »
explain your protected mode or stealth mode you are running to say that your are protected...just curious ??? ::)
click on pic to enlarge ::) :P

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #17 on: April 02, 2007, 09:58:10 PM »
explain your protected mode or stealth mode you are running to say that your are protected...just curious ??? ::)
click on pic to enlarge ::) :P


It was stated by Microsoft that if you have I.E. set to protected mode (Vista only) that it would stop the exploit if you browsed to a bad site.

"The exposure to attacks that exploit the flaw is mitigated on Vista machines with Internet Explorer 7, Microsoft noted. IE 7 protected mode shields the computer against drive-by installations because the browser is restricted to where it can write files."

(You have to have UAC turned on for this to work)
« Last Edit: April 02, 2007, 10:01:14 PM by marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

drhayden1

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #18 on: April 02, 2007, 10:00:43 PM »
ok-you are right on that-later my friend-stay protected in all things you do ;)
« Last Edit: April 02, 2007, 10:03:27 PM by drhayden1 »

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #19 on: April 02, 2007, 10:11:42 PM »
ok-you are right on that-later my friend-stay protected in all things you do ;)


Thanks my friend, I'll try.  One more thing, Your protected on the e-mail front if Windows Mail is set to text only, BUT if you reply or foreward the bad e-mail you can get infected because (for some reason) Windows Mail turns it back to HTML.  ???
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #20 on: April 03, 2007, 06:13:45 PM »
For Firefox users

You might want to read this.

Firefox ANI exploit on the way - no protected mode

http://blogs.zdnet.com/Ou/?p=461
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

avatar2005

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #21 on: April 03, 2007, 07:02:01 PM »
Spooky :o :o

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #22 on: April 03, 2007, 07:06:19 PM »
Only George Ou could use a MS bug to bash Firefox.  ::)

Isn't the fix for this out today anyway?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #23 on: April 03, 2007, 07:11:15 PM »
Only George Ou could use a MS bug to bash Firefox.  ::)

Isn't the fix for this out today anyway?
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

avatar2005

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #24 on: April 03, 2007, 07:12:48 PM »
I Just spoke with Opera support team & they said that Opera is safe to protect against ANI Exploit... for now... :-\ ::) ::)

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #25 on: April 03, 2007, 07:15:27 PM »
Thanks Bob!

I checked a few moments ago and it wasn't available in the UK, but I'll try again later.

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #26 on: April 03, 2007, 07:25:12 PM »
Thanks Bob!

I checked a few moments ago and it wasn't available in the UK, but I'll try again later.


I checked earlier this morning and it wasn't available here. Re-checked after I saw your post
and it was there. Thanks  :)
A reboot is required after this update.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

drhayden1

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #27 on: April 03, 2007, 07:30:26 PM »
Security Update for Windows XP (KB925902)
just got it......
Microsoft released the below security bulletin to address a CRITICAL vulnerability issue in Windows:

MS07-017 - Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

The security update applies to:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista

References:
MS Advisory 935423: http://www.microsoft.com/technet/security/...ory/935423.mspx
MS Security Bulletins for end-users: http://www.microsoft.com/athome/security/u...ins/200704.mspx
MS Security Bulletins for IT Pro: http://www.microsoft.com/technet/security/...n/ms07-apr.mspx
MS Response Center Blog: http://blogs.technet.com/msrc/default.aspx
MS KB925902: http://support.microsoft.com/?kbid=925902
MS Security Bulletin: http://www.microsoft.com/technet/security/...n/ms07-017.mspx

Note:
Microsoft NEVER send security updates via e-mail. Download only the updates using Windows Updates, Microsoft Download Center websites or Automatic Updates functionality in Windows.

« Last Edit: April 03, 2007, 07:59:08 PM by drhayden1 »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #28 on: April 03, 2007, 07:34:14 PM »
Oops! What does this mean?  ???

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #29 on: April 03, 2007, 07:40:15 PM »
Google rthdcpl.exe and you'll find it is an infection  ::)
The best things in life are free.