Attention: Internet Explorer Vulnerability

anthonymcg

Hi everyone,

Just heard about a new vulnerability reported by Microsoft which can exploit almost the same issue as the recent Blast worm. It affects almost all versions of IE and more info can be found here on CNETs site. You can download the patch from Microsoft's site but please make your friends and family are aware of the problem. Microsoft released a patch almost 1 month before Blaster appeared, don't let the same thing happen again.

Regards,

Cake Fiend

I don't quite see how it exploits "almost the same issue" as the msblast worm? Especially seeing as it affects 9x-based systems which don't even run an RPC service?

Anyhow, hopefully people will have learnt by now that it's a good idea to download updates and service packs that Microsoft deem 'critical', not to leave it on the long finger and get bent over a barrel a month later when someone writes a virus to take advantage of the vulnerability.

BKtje

The Internet Explorer bulletin is rated as 'critical' across all platforms except Windows 2003

I dont see where it says that it only affects 9* based systems.
Besides ms stopped supporting them i thought and therefore wouldnt create a patch to fix a bug in only these programs?

whosurpaddy

Originally posted by Sico
Especially seeing as it affects 9x-based systems which don't even run an RPC service?

thats true 9X based systems dont run the RPC sercvic, but when i clicked on the link the only os's mentioned were server 2203, xp, and 2000.

anthonymcg

Originally posted by Sico
I don't quite see how it exploits "almost the same issue" as the msblast worm? Especially seeing as it affects 9x-based systems which don't even run an RPC service?

Wasn't talking bout the RPC service. This new problem can result in a buffer overrun which could also occur with blaster. Its basically the most serious type of error a program can allow as:

It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. - from the link I posted

Cake Fiend

Originally posted by B-K-DzR
I dont see where it says that it only affects 9* based systems.

Noone said it only affects 9x systems. I said it affects 9x systems *in addition* to NT-based systems, i.e. it wasn't very similar to the msblast worm.

The buffer ovverun occurs via Internet Explorer (BR549.DLL ActiveX control), not in the RPC service. Ergo, it's nothing like the msblast worm.

Internet Explorer 5 and 6 also run on 9x-based machines, whosurpaddy, therefore 9x-based systems are also vulnerable.

1+1=2
Try to pay attention, kids

Gerry

Buffer overrun is the most common type of exploit out there. Most exploits have this end result, but they go about it in different ways, this is why Sico said it was completely different. Dunno if you have noticed, but just about every critical windows exploit allows an attacker to run arbitrary code on your system.

Cake Fiend

Clearly, Phil, you have not heard of the 'DoesJackSh1t' exploit for WindowsXP. By exploiting a vulnerability in the way XP handles requests to port 8008135, an attacker could be in a position to do absolutely sweet FA with the victim's machine.

I'ts not a very popular exploit for some reason...

whosurpaddy

Originally posted by Sico
Internet Explorer 5 and 6 also run on 9x-based machines, whosurpaddy, therefore 9x-based systems are also vulnerable.

1+1=2
Try to pay attention, kids

this is also true, but my point was that the os's i mentioned were the ony ones listed, i.e. these are the only ones which need to be patched.

btw y are u trying to start a flame war, no one has been rude/abrupt to you so y r u doing this to others, ud expect a bit better from a mod.

Cake Fiend

First of all, whosurpaddy, I don't see what being a mod has to do with anything.

Second, I wasn't starting a flame war, I was pointing out and correcting mistakes - it's not my fault if people take that as a personal attack.

The systems you listed aren't the only ones that need to be patched, which you would know if you had read this, the download page for the patch. Again, pointing out and correcting something you overlooked, not a personal attack.

Maybe some people took offence at the 'pay attention kids' at the end of my first post, but I'm a sarky fu<k and that kind of thing should be expected from me. No need to cry about it.

whosurpaddy

Originally posted by Sico
First of all, whosurpaddy, I don't see what being a mod has to do with anything.

Second, I wasn't starting a flame war, I was pointing out and correcting mistakes - it's not my fault if people take that as a personal attack.

The systems you listed aren't the only ones that need to be patched, which you would know if you had read this, the download page for the patch. Again, pointing out and correcting something you overlooked, not a personal attack.

Maybe some people took offence at the 'pay attention kids' at the end of my first post, but I'm a sarky fu<k and that kind of thing should be expected from me. No need to cry about it.

look man i dont wanna drag this out, i just felt ur post was Unnecessarily condescending & i pointed it out lets leave it at that