Educause Security Discussion mailing list archives
Re: critical Microsoft fix for download.ject
From: Jordan Wiens <numatrix () UFL EDU>
Date: Fri, 2 Jul 2004 16:12:47 -0400
Good point; the good news, however, is that at least they're making it a critical update, which will therefore hopefully be installed by more users and automatically installed by machines set to auto-install updates. That is a bit odd for such a hack to be turned into a 'patch', but it at least works. The relevant KB is here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;870669

Yup, there are actually more than one of the original vulnerabilities out there. Disabling adodb.stream will prevent the current batch of them from working at least. This original 'feature' was discovered in August of 2003:

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html

And has been used along with a variety of unpatched cross-zone vulnerabilities in IE. The actual vulnerabilities being exploited are:

http://www.kb.cert.org/vuls/id/713878

And another modal dialog cross-zone exploit.

For the first public discovery and analysis of the new exploits (by Jelmer, the author who discovered the original adodb.stream issue), see:

http://62.131.86.111/analysis.htm

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

On Fri, 2 Jul 2004, Christopher E. Cramer wrote:
one quick note - this isn't actually a fix. it's a configuration change (i believe a registry hack) that's bundled up in a binary wrapper. as i understand it, the configuration change does limit the exposure to current exploits of the vulnerability, but the original vulnerability does still exist and we should continue to pressure Microsoft to actually fix it.

-c

On Fri, 2004-07-02 at 15:21, Doug Pearson wrote:

Addressing the recent IE vulnerability known as Download.Ject, aka Scob and Toofer, Microsoft has released a critical update today:

http://www.microsoft.com/security/incident/download_ject.mspx

Doug Pearson
REN-ISAC

********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
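One way an administrator could verify on a host that the ADODB.Stream configuration change discussed in this thread (the registry change bundled into the KB870669 update) is actually in place, and apply it where it is not; this is an added example, not code from the list or from Microsoft. The ADODB.Stream CLSID and the 0x400 kill-bit value in "Compatibility Flags" are assumed from Internet Explorer's standard ActiveX Compatibility mechanism, not taken from the thread.

```powershell
# Added example (not from the thread or from Microsoft): check, and optionally
# apply, the ADODB.Stream kill bit that the KB870669 configuration change sets.
# Assumption: ADODB.Stream's CLSID and the 0x400 kill-bit flag follow Internet
# Explorer's "ActiveX Compatibility" registry scheme.

$AdodbStreamClsid = '{00000566-0000-0010-8000-00AA006D2EA4}'
$KillBit = 0x400
$CompatKey = Join-Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' $AdodbStreamClsid

function Get-AdodbStreamKillBitState {
    # Returns $true when the kill bit is present in Compatibility Flags, else $false.
    if (-not (Test-Path -Path $CompatKey)) { return $false }
    $item = Get-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return (([int]$item.'Compatibility Flags' -band $KillBit) -ne 0)
}

function Set-AdodbStreamKillBit {
    # Applies the same mitigation as the update: mark the control as not loadable by IE.
    # Requires an elevated session; any other flag bits already set are preserved.
    if (-not (Test-Path -Path $CompatKey)) { New-Item -Path $CompatKey -Force | Out-Null }
    $current = 0
    $item = Get-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $current = [int]$item.'Compatibility Flags' }
    New-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

if (Get-AdodbStreamKillBitState) {
    Write-Output 'ADODB.Stream kill bit is set; the current exploits cannot use the control from IE.'
} else {
    Write-Output 'ADODB.Stream kill bit is NOT set; install KB870669 or run Set-AdodbStreamKillBit elevated.'
}
```

As the thread notes, this only blocks the current batch of exploits that rely on ADODB.Stream; the underlying cross-zone vulnerabilities in IE still need their own patches.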
Current thread:
- critical Microsoft fix for download.ject Doug Pearson (Jul 02)
- <Possible follow-ups>
- Re: critical Microsoft fix for download.ject Christopher E. Cramer (Jul 02)
- Re: critical Microsoft fix for download.ject Jordan Wiens (Jul 02)
- Re: critical Microsoft fix for download.ject Gary Flynn (Jul 02)