3rd parties release patch for unpatched IE security hole

[Geoff]

Here we are again. For those who don't know, an exploit was found in IE on the 23rd. MS has released an advisory but no patch. I'm guessing one will appear on the monthly patch day in April.

In the meantime, there are malcious web sites using the hole to install spyware, trojans and other malware. Over 200 infact.

There's two options for protecting your machines. Either disable active scripting (as per the instructions in the MS advisory) or use one of the patches avalible from eEye or Determina.

For those of you using Snort as your IDS, here's a signature to catch the vunerability.

http://www.bleedingsnort.com/cgi-bin...AD&view=markup

[adamyoung]

Is it just me, but isnt it strange a company the size of M$ cant respond almost instantly when they're software is found to be flawed, even a private security company has beaten them to it - whilst people who religiously use Windows Update and WSUS are left vunerable to a well publised problem.

[webman]

That's Microsoft for you

[Michael]

The advisory to disable Active Scripting is not really a workaround (in my opinion), as it causes a lot of websites to stop working completely. Setting Active Scripting to prompt the user is just a pain as I am clicking Yes, Yes, Yes all the time which gets very frustrating.

I am predicting MS will release the patch early as there are allegedly (as mentioned above) 200 websites hosting the malicious code to exploit IE. There are also three variants (possibly more now) of this exploit found in the wild. Apparently MS have developed a fix, but it is going through their quality patch testing Patience is a virtue...

[CyberNerd]

Is it just me, but isnt it strange a company the size of M$ cant respond almost instantly when they're software is found to be flawed, even a private security company has beaten them to it - whilst people who religiously use Windows Update and WSUS are left vunerable to a well publised problem.

Its not strange at all, windows is so large and bloated that Microsoft don't properly understand it.
There is a good story about it here: http://www.nytimes.com/2006/03/27/te...7A&oref=slogin

This has been the case for a long time - remember they had to hire the samba team to figure out how their SMB protocol worked (and subsequently changed so that it didn't work so well with samba)

[Geoff]

MS does seem to be struggling to cope. I suspect they are starting to hit the limits conventional software developement can stretch to.

Slightly more on topic though, that firefox roll out is looking increasingly appealing.

[webman]

Slightly more on topic though, that firefox roll out is looking increasingly appealing.

Surprised you haven't done that already Geoff :P

[CyberNerd]

hat firefox roll out is looking increasingly appealing.

I did almost get htis done a while back, it took a bit of hacking to keep some of the security options (eg cannot change proxy etc) but I find it keeps breaking with updates. OTOH Opera is much easier to configure for security.

[mark]

Using proxy based blocking GPO restrictions are redundant tho' aren't they?

[Geoff]

Slightly more on topic though, that firefox roll out is looking increasingly appealing.

Surprised you haven't done that already Geoff :P

Depends where your talking about. I work at several sites.

[webman]

Depends where your talking about. I work at several sites.

Ahhh OK, that would exaplain it 8)