Security Incidents mailing list archives

Re: IE/WMP Exploit


From: Axel Pettinger <api () epost de>
Date: Wed, 16 Jun 2004 14:38:29 +0200

Carlos Kramer wrote:

Axel Pettinger wrote:

Out of curiosity ... Is MS04-013 installed on your machine?

What you've seen looks like the Adodb.Stream and ms-its problem.


No, KB837009 isn't installed. I normally remove Outlook Express and do
not use it - so I'd assumed this patch wasn't required - silly me I 
should have read MS04-013 closer:-

I doubt that you're the only one thinking that way. If one doesn't use
Outlook Express and didn't install it the last time IE was "upgraded"
then the patch cannot be installed. (One has to do it manually or
reinstall OE.) I'm not even sure whether the "Windows Update" page will
report the patch as missing at all in such cases. And that although
there're a few of OE's DLLs in the %windir%\system32 directory and often
enough also the old OE directory still exists. Users think that they're
"fully patched" but they are not and are still vulnerable ... :/

What systems are primarily at risk from the vulnerability?
By default, Outlook Express is installed on all supported Windows 
systems. Microsoft recommends that this update be installed 
immediately on all systems.

At least this explains why some of my VPN users have been able to get
junkware/spyware on their systems when they aren't using our internal
http proxy (which filters this cruft).

Thanks.

No problem.

Regards,
Axel Pettinger
