+ Post New Thread
Results 1 to 11 of 11
Windows Thread, 3rd parties release patch for unpatched IE security hole in Technical; Here we are again. For those who don't know, an exploit was found in IE on the 23rd. MS has ...
  1. #1

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227

    3rd parties release patch for unpatched IE security hole

    Here we are again. For those who don't know, an exploit was found in IE on the 23rd. MS has released an advisory but no patch. I'm guessing one will appear on the monthly patch day in April.

    In the meantime, there are malcious web sites using the hole to install spyware, trojans and other malware. Over 200 infact.

    There's two options for protecting your machines. Either disable active scripting (as per the instructions in the MS advisory) or use one of the patches avalible from eEye or Determina.

    For those of you using Snort as your IDS, here's a signature to catch the vunerability.

    http://www.bleedingsnort.com/cgi-bin...AD&view=markup

  2. #2

    Join Date
    Sep 2005
    Location
    Sheffield
    Posts
    136
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: 3rd parties release patch for unpatched IE security hole

    Is it just me, but isnt it strange a company the size of M$ cant respond almost instantly when they're software is found to be flawed, even a private security company has beaten them to it - whilst people who religiously use Windows Update and WSUS are left vunerable to a well publised problem.

  3. #3

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,417
    Thank Post
    644
    Thanked 965 Times in 665 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: 3rd parties release patch for unpatched IE security hole

    That's Microsoft for you

  4. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,308
    Thank Post
    242
    Thanked 1,589 Times in 1,266 Posts
    Rep Power
    344

    Re: 3rd parties release patch for unpatched IE security hole

    The advisory to disable Active Scripting is not really a workaround (in my opinion), as it causes a lot of websites to stop working completely. Setting Active Scripting to prompt the user is just a pain as I am clicking Yes, Yes, Yes all the time which gets very frustrating.

    I am predicting MS will release the patch early as there are allegedly (as mentioned above) 200 websites hosting the malicious code to exploit IE. There are also three variants (possibly more now) of this exploit found in the wild. Apparently MS have developed a fix, but it is going through their quality patch testing Patience is a virtue...

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    340

    Re: 3rd parties release patch for unpatched IE security hole

    Is it just me, but isnt it strange a company the size of M$ cant respond almost instantly when they're software is found to be flawed, even a private security company has beaten them to it - whilst people who religiously use Windows Update and WSUS are left vunerable to a well publised problem.
    Its not strange at all, windows is so large and bloated that Microsoft don't properly understand it.
    There is a good story about it here: http://www.nytimes.com/2006/03/27/te...7A&oref=slogin

    This has been the case for a long time - remember they had to hire the samba team to figure out how their SMB protocol worked (and subsequently changed so that it didn't work so well with samba)

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227

    Re: 3rd parties release patch for unpatched IE security hole

    MS does seem to be struggling to cope. I suspect they are starting to hit the limits conventional software developement can stretch to.

    Slightly more on topic though, that firefox roll out is looking increasingly appealing.

  7. #7

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,417
    Thank Post
    644
    Thanked 965 Times in 665 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: 3rd parties release patch for unpatched IE security hole

    Quote Originally Posted by Geoff
    Slightly more on topic though, that firefox roll out is looking increasingly appealing.
    Surprised you haven't done that already Geoff :P

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    340

    Re: 3rd parties release patch for unpatched IE security hole

    hat firefox roll out is looking increasingly appealing.
    I did almost get htis done a while back, it took a bit of hacking to keep some of the security options (eg cannot change proxy etc) but I find it keeps breaking with updates. OTOH Opera is much easier to configure for security.

  9. #9
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,987
    Thank Post
    271
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    48

    Re: 3rd parties release patch for unpatched IE security hole

    Using proxy based blocking GPO restrictions are redundant tho' aren't they?

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227

    Re: 3rd parties release patch for unpatched IE security hole

    Quote Originally Posted by webman
    Quote Originally Posted by Geoff
    Slightly more on topic though, that firefox roll out is looking increasingly appealing.
    Surprised you haven't done that already Geoff :P
    Depends where your talking about. I work at several sites.

  11. #11

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,417
    Thank Post
    644
    Thanked 965 Times in 665 Posts
    Blog Entries
    2
    Rep Power
    328

    Re: 3rd parties release patch for unpatched IE security hole

    Quote Originally Posted by Geoff
    Depends where your talking about. I work at several sites.
    Ahhh OK, that would exaplain it 8)



SHARE:
+ Post New Thread

Similar Threads

  1. Help Plugging A Security Hole
    By luketheduck in forum Windows
    Replies: 6
    Last Post: 14th November 2007, 04:27 PM
  2. FFS Another Patch!!!!!!
    By Mr_T in forum ICT KS3 SATS Tests
    Replies: 15
    Last Post: 16th May 2007, 09:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •