[Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

Doug White doug at clickdoug.com
Sat Oct 4 16:40:50 GMT 2003


This critical update patched the vulnerability of IE misinterpreting certain
scripting when going to a malware web site. The proof of concept was posted
on SANS just three days ago, and the appearance of the patch just about set a
record for MS in Time to Market response.

MS released patches for all versions of IE, from 5.0 through win2003.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Al Reust" <areust at comcast.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, October 04, 2003 10:21 AM
Subject: Re: [Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability


| Yesterday MS released the MS03-040 and rated it as Critical. Yes I know it
| was not Thursday per normal LOL
|
| Who should read this bulletin: Users running Microsoft Internet Explorer.
| Impact of vulnerability: Run code of attacker's choice.
| Maximum Severity Rating: Critical
| Recommendation: Customers should apply the patch immediately.
|
| For those that missed it. The question remains how many of the holes did
| they finally close.
|
| Al
|
| At 02:33 PM 10/3/2003 -0400, you wrote:
| >http://www.utils32.com/adiefiltr.asp is what I've been playing with and
| >does what is needed. It can flip a site into a JS enable zone and let you
| >block popups, etc... then "reset" it back to restricted. I just find $20 a
| >bit much for what should be a M$ supplied control
| >
| >M$ did supply an IE add-in that did allow adding to Trusted or Restricted,
| >no source, no MSDN example, etc... it all comes down to registry entries.
| >
| >
| >
| >At 10:13 10/3/2003, Tom Liston wrote:
| >><snip>
| >>To the best of my knowledge, there is no third-party add-in that allows JS
| >>to be turned on and off easily.  I looked into writing one, but I'm not
| >>even sure it is possible.  Changing stuff in the registry on the fly
| >>doesn't seem to work, because IE doesn't check the registry each time
| >>before it attempts to run JS code...  only on start up.
| >>
| >>Poor, poor, POOR interface design...
| >>
| >>- -TL
| >>
| >>On 2 Oct 2003 at 22:13, warpmedia wrote:
| >>
| >> > Yet again proof that JS & ActiveX should be considered unsafe for general
| >> > browsing and that M$ not catching bugs properly ought to add a zone
| >> > management to the IE taskbar, distribute appropriate .reg patches to add
| >> > security zones that enable JS & ActiveX (separately, granular), and set IE
| >> > to restricted zone by default. Usability of windows update be damned.
| >>- ---- >8 ---- Snip!
| >>
| >><snip>
| >
| >Joshua MacCraw
| >warpmedia at comcast.net
| >http://mywebpages.comcast.net/jmaccraw
| >_______________________________________________
| >list mailing list
| >list at dshield.org
| >To change your subscription options (or unsubscribe), see:
| >http://www.dshield.org/mailman/listinfo/list