Get Smart about Business Spending
- Related Stories
-
PCs falling victim to Windows flaws
July 12, 2005
An attacker could craft a malicious Web site that takes advantage of the flaw and gain control over the PCs that visit the Web site, or an attacker could install malicious software on those systems, a representative of the French Security Incident Response Team said in an e-mail interview Wednesday. The organization rates the issue "critical," its most serious classification.
Exploit code for the flaw is available on the Internet, according to the French security research group. The availability of exploit code typically raises the risk to users because it could aid miscreants in setting up attacks.
Microsoft is investigating the report of the new IE flaw, a company representative said in a statement late Wednesday. The software maker is not aware of attacks that use the reported flaw, the representative said. After the investigation, Microsoft will take the appropriate action to protect users, which could include a security update, she said. The company issued an advisory outlining workarounds for the issue on Thursday.
Internet security monitoring company Websense has added detection mechanisms for this latest potential IE flaw to its software. As of Wednesday afternoon the company had not found any malicious Web sites that take advantage of it, said Dan Hubbard, senior director of security and research at Websense in San Diego.
The flaw is similar to security vulnerabilities Microsoft fixed as part of its monthly patch release last week and in July, according to representative for the French Security Incident Response Team. The problem exists because IE inappropriately lets Web sites instantiate other pieces of Microsoft software on the PC.
It is not clear which users may be at risk. Exploiting this flaw requires a file called "Msdds.dll" to be present on the Windows PC. The French group is still investigating how common that file is. It appears to be installed with Microsoft's Visual Studio developer tools, but it may also be installed with more common software, the group's representative said.
"Microsoft said that this library is installed with Visual Studio, but we do not have Visual Studio installed on our lab machines," the representative said. The group has confirmed the vulnerability on a system with IE 6 on Windows XP with Service Pack 2 and all current patches, this person said.
On Thursday morning, FrSIRT said the exploitable library is also installed with Microsoft Office 2002. "Conclusion: msdds.dll is installed, at least, with Office 2002 and Visual Studio 2002 and 2003," the group said in an e-mail.
Other applications also install the file, the SANS Internet Storm Center said Thursday on its Web site. Applications that may also install this component include Microsoft's .Net Framework 1.1, Office 2000 and Office XP, Project and Visio, the SANS Internet Storm Center said.
IE users can protect themselves by not surfing to untrusted Web sites or disabling ActiveX controls. Using an alternative browser that does not support ActiveX, such as Firefox, also prevents this specific attack, according to SANS and FrSIRT.
Meanwhile, Websense has found Web sites that exploit security flaws Microsoft offered patches for last week and in July. The malicious code embedded in the Web sites installs a backdoor on the computer of the person who visits it with IE on a vulnerable Windows computer, Hubbard said.
There are "a couple of dozen" sites that exploit the IE flaw disclosed last week in Microsoft Security Bulletin MS05-038, according to Websense. The hole fixed with Security Bulletin MS03-037 a month ago is exploited by a couple of hundred Web sites, Hubbard said.
Microsoft rated both those fixed flaws "critical" and has urged users to apply software patches.
See more CNET content tagged:
flaw, Microsoft Visual Studio, Websense Inc., Microsoft Office 2002, representative
http://www.theinquirer.net/?article=16922
My guess is that it is .net or COM related, and thus not an IE problem. It could be installed with Access 2002 as I do not use it.
My conclusion is that the FrSIRT should try a bit harder to have some facts before publishing this garbage.
Since this is a trial version, my conclusion is about the same as yours, and FrSIRT should not publish this garbage.
- A whole new IE caper is on the loose.
- by OneWithTech August 22, 2005 12:14 AM PDT
- I'd like to think that I'm one of the few geeks in this world that can diagnose and repair a PC in a menial amount of time given only 3 peices of free software and still kick it with my motorhead freinds.
- Like this Reply to this comment
-
(10 Comments)I have seen every, yes every (or damn near every) problem that you could possibly have or aquire in a PC. Most of my experience has been talored over the last 4 years to Windows 2000 Professional and Windows XP (Home and Professional).
I'm no stranger to web design, development and everything in between. I've beemed 802 signals upward of a half mile using devices bought from Best Buy and CompUSA.
When I'm done tweaking you computer I'll build an edition for your house, do your landscaping, and then fix your car. I'd like to think I'm somewhat a "little" talented at some things.
Lately Microsoft's Internet Explorer has taken my mind for a ride, and will definitely make you think about every using Microsoft's Internet Explorer again.
A machine that I was doing a standard cleaning on had been affected with 560 peice's of spyware (Claria clocked the top 3 spots for the most, and worst rated spyware), 60 virus's (or viri), and a desperate need to be defragged.
After about an hour or so of working on this machine, cleaning out the spyware and viri, and then defragging it. I was able to get the machine that wasn't surfing the WWW to a machine that would surf into the night like a screech owl swooping to the next tree.
There was a little problem though, it seems that there had been links added to my website, MatrixStructures.com (www.matrixstructures.com). I'm a web developer and designer that is so confident that his site will display time and time again, I will surf to it first to check the machine I'm working on for internet connectivity.
So a quick www dot later and I'm looking at my site, leaning over and telling Erin, "Were good to go dude, surfing on the information super highway".
Wait, there seems to be some links that have been added to my site. A quick look at the source code and sure ****, links had been added to my site.
The links were not added by me and were not in the code like they should have been. No, these links were added because Internet Explorer was told to change certain keywords into links.
How was Internet Explorer able to change something that it shouldn't have any control over? That's a damn good question, and I'm so persistent in finding out why IE get's screwed up, that I'm looking for an answer.
If someone has an answer, email me at onewithtech@mac.com .If I find the answer, I'll post it on www.techviewstoday.tech01.net, my tech blog.
And, If someone would like to disect this machine, I can still get ahold of it. I had informed Erin that his machine was subject of the worst Internet Explorer Exploit of the Year.
Do not, I repeat, DO NOT use Internet Explorer for anything that you would not want broken into.
Do not use Internet Explorer to check your: bank accounts, stock portfolio, or any other service you wouldn't want to be compromised online, use FireFox or buy a Mac.