+ Post New Thread
Results 1 to 11 of 11
Windows Thread, 3rd parties release patch for unpatched IE security hole in Technical; Here we are again. For those who don't know, an exploit was found in IE on the 23rd. MS has ...
  1. #1

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    3rd parties release patch for unpatched IE security hole

    Here we are again. For those who don't know, an exploit was found in IE on the 23rd. MS has released an advisory but no patch. I'm guessing one will appear on the monthly patch day in April.

    In the meantime, there are malcious web sites using the hole to install spyware, trojans and other malware. Over 200 infact.

    There's two options for protecting your machines. Either disable active scripting (as per the instructions in the MS advisory) or use one of the patches avalible from eEye or Determina.

    For those of you using Snort as your IDS, here's a signature to catch the vunerability.

    http://www.bleedingsnort.com/cgi-bin...AD&view=markup

  2. #2

    Join Date
    Sep 2005
    Location
    Sheffield
    Posts
    136
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: 3rd parties release patch for unpatched IE security hole

    Is it just me, but isnt it strange a company the size of M$ cant respond almost instantly when they're software is found to be flawed, even a private security company has beaten them to it - whilst people who religiously use Windows Update and WSUS are left vunerable to a well publised problem.

  3. #3

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,406
    Thank Post
    640
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    324

    Re: 3rd parties release patch for unpatched IE security hole

    That's Microsoft for you

  4. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340

    Re: 3rd parties release patch for unpatched IE security hole

    The advisory to disable Active Scripting is not really a workaround (in my opinion), as it causes a lot of websites to stop working completely. Setting Active Scripting to prompt the user is just a pain as I am clicking Yes, Yes, Yes all the time which gets very frustrating.

    I am predicting MS will release the patch early as there are allegedly (as mentioned above) 200 websites hosting the malicious code to exploit IE. There are also three variants (possibly more now) of this exploit found in the wild. Apparently MS have developed a fix, but it is going through their quality patch testing Patience is a virtue...

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: 3rd parties release patch for unpatched IE security hole

    Is it just me, but isnt it strange a company the size of M$ cant respond almost instantly when they're software is found to be flawed, even a private security company has beaten them to it - whilst people who religiously use Windows Update and WSUS are left vunerable to a well publised problem.
    Its not strange at all, windows is so large and bloated that Microsoft don't properly understand it.
    There is a good story about it here: http://www.nytimes.com/2006/03/27/te...7A&oref=slogin

    This has been the case for a long time - remember they had to hire the samba team to figure out how their SMB protocol worked (and subsequently changed so that it didn't work so well with samba)

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: 3rd parties release patch for unpatched IE security hole

    MS does seem to be struggling to cope. I suspect they are starting to hit the limits conventional software developement can stretch to.

    Slightly more on topic though, that firefox roll out is looking increasingly appealing.

  7. #7

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,406
    Thank Post
    640
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    324

    Re: 3rd parties release patch for unpatched IE security hole

    Quote Originally Posted by Geoff
    Slightly more on topic though, that firefox roll out is looking increasingly appealing.
    Surprised you haven't done that already Geoff :P

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: 3rd parties release patch for unpatched IE security hole

    hat firefox roll out is looking increasingly appealing.
    I did almost get htis done a while back, it took a bit of hacking to keep some of the security options (eg cannot change proxy etc) but I find it keeps breaking with updates. OTOH Opera is much easier to configure for security.

  9. #9
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,966
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: 3rd parties release patch for unpatched IE security hole

    Using proxy based blocking GPO restrictions are redundant tho' aren't they?

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: 3rd parties release patch for unpatched IE security hole

    Quote Originally Posted by webman
    Quote Originally Posted by Geoff
    Slightly more on topic though, that firefox roll out is looking increasingly appealing.
    Surprised you haven't done that already Geoff :P
    Depends where your talking about. I work at several sites.

  11. #11

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,406
    Thank Post
    640
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    324

    Re: 3rd parties release patch for unpatched IE security hole

    Quote Originally Posted by Geoff
    Depends where your talking about. I work at several sites.
    Ahhh OK, that would exaplain it 8)

SHARE:
+ Post New Thread

Similar Threads

  1. Help Plugging A Security Hole
    By luketheduck in forum Windows
    Replies: 6
    Last Post: 14th November 2007, 03:27 PM
  2. FFS Another Patch!!!!!!
    By Mr_T in forum ICT KS3 SATS Tests
    Replies: 15
    Last Post: 16th May 2007, 08:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •