ADODB.stream

From: Je$$ica (jess_re823s_at_hacker-tools.com)
Date: 07/03/04 

Date: Sat, 3 Jul 2004 12:13:16 -0700

This article be useful to answering your question. (BE
CAREFUL: some trolls might pass by and say this story is
a "hoax" and/or we have nothing to worry about.)

MICROSOFT RELEASES SECURITY UPDATE

(AP) - Microsoft Corp. (MSFT) issued an interim security
update Friday to protect users of its nearly ubiquitous
Internet Explorer browsers from a new technique for
spreading viruses.

The update does not entirely fix the flaw that makes the
spread possible, but it changes settings in Windows
operating systems to disable hackers' ability to deliver
malicious code with it.

The security measure came in response to last week's
discovery of a computer virus designed to steal valuable
information like passwords. Though its outbreak was mild,
security experts said the technique for spreading it was
novel and could be used to send spam or launch broad
attacks to cripple the Internet.

Hackers had converted hundreds and possibly thousands of
Web sites into virus transmitters by first hiding
malicious code using a vulnerability with Microsoft's
software for operating Web sites. A fix for it had been
issued in April but was not universally applied.

Two other flaws in Microsoft products allowed hackers to
direct Internet Explorer browsers to automatically run the
virus when visiting an infected site.

Though one of those flaws remains unfixed, Friday's
setting changes thwart any attack by prohibiting a Web
application from writing files - such as the virus code -
onto users' computers.

The U.S. Computer Emergency Readiness Team urged computer
users to install the update, saying it would greatly
increase protection. But the advisory warned other types
of attack remain possible.

Stephen Toulouse, a security program manager at Microsoft,
said the company still was working on a comprehensive
patch to fix vulnerabilities with Internet Explorer, but
the settings change should protect users from the
immediate threat.

The software update covers Windows XP, Windows Server 2003
and Windows 2000, and Microsoft was working on ones for
older systems.

The update will also be included with a major Windows XP
upgrade, called Service Pack 2, later this summer.
Toulouse said the Service Pack will include additional
protections.

After installing Friday's update, users should be able to
lower their security settings from the "high" one
initially recommended as a stopgap, he said.

Russ Cooper, a senior researcher at TruSecure Corp.,
welcomed Friday's update, but said it should have come
sooner than a week.

"It would have taken a couple of hours to put it together
as a package, and (the testing) process can take a day or
two," Cooper said.

But Toulouse said that given the broad user base for
Windows and Internet Explorer, even a problem affecting
less than 1 percent of users potentially hurts millions of
customers.

He said the settings could potentially affect legitimate
applications used internally by Web developers and
corporate networks, and special instructions were
available to address those cases.

The update will be automatically installed if computers
are set to receive it. It is also available
at .http://windowsupdate.microsoft.com

Microsoft shares fell 6 cents to close at $28.57 Friday on
the Nasdaq Stock Market.

>-----Original Message-----
>I had IE6 set to Medium with the standard set of defaults
when I downloaded and installed the patch as the High
setting prevented me from accessing many websites. As a
home user with high speed access to the Internet, how
important is it for me to install the patch? Can I be
just as secure by disabling Active X functions?
>
>"melanie" wrote:
>
>> No problem with the patch here. However, I had not
>> changed the security settings of IE6 before the patch
was
>> released for download and installation, if that makes a
>> difference.
>>
>>
>> >-----Original Message-----
>> >After downloading the ADODB.stream security update,
>> Internet Explorer would not display the URL Address
field
>> in the toolbar. After trying all toolbar
>> combinations/options, I gave up an did a System
Restore.
>> I am using IE 6 and Windows XP Home, fully updated
before
>> today. Has there been any other reports of this
>> happening?
>> >.
>> >
>>
>.
>

Relevant Pages

  • [NT] Microsoft Internet Explorer Drag-and-Drop Redeux
    ... Get your security news from a reliable source. ... Microsoft Internet Explorer suffers from a vulnerability in its handling ... Windows 98 Second Edition ... Set the "Web sites in less privileged content zone can navigate into ...
    (Securiteam)
  • Re: Win98 Updates
    ... Look closely to see if this system has a pop-up blocker from a 3rd-party, or perhaps, it is running an overly protective security suite. ... I am "assuming" you are running version 6 of Internet Explorer. ... Following is only a basic first-pass checklist of settings for Internet Explorer browser, tailored for smoother entry into Windows Update. ...
    (microsoft.public.windowsupdate)
  • Re: Unable to run windows Update on 2003 Server
    ... In Internet Explorer, click Tools ... Click the LAN Settings... ... Try the Windows Update website again, and let us know what happens. ... | Click the Security tab, click the Internet security zone icon, and then ...
    (microsoft.public.windowsupdate)
  • Re: Cant download updates
    ... Be certain to look at your Windows Update log. ... Recheck your Security & Privacy settings AND the ADVANCED settings in Internet Explorer browser. ...
    (microsoft.public.windowsxp.general)
  • Windows update problem
    ... So I went to do Windows update (which worked fine yesterday by ... Please change your Internet Explorer security settings ... To save changes to your settings for this website, ... Click the Security tab, click the Internet security zone icon, and then ...
    (microsoft.public.windows.inetexplorer.ie6.browser)