A 6% fix from Microsoft Security Bulletin MS03-040 - 828750
From: Me2 (nospam_at_nospam.com)
Date: 10/04/03
- Next message: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Previous message: Jupiter Jones [MVP]: "Re: Microsoft Security Bulletin MS03-040 - 828750"
- In reply to: Jupiter Jones [MVP]: "Re: Microsoft Security Bulletin MS03-040 - 828750"
- Next in thread: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Reply: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 4 Oct 2003 00:54:53 -0700
Jupiter, so, it's ok to mass post... Let e'r rip...
With MS03-040 M$ released a 6% fix with some good descriptions of what to
change with IE
security setting.
What I can not figure out is what exactly this is supposed to fix.
Trojan.QHosts? Something other kind of Trojan/virus/worm. The technical
details and FAQs have a lot of wording about this and that - all good stuff.
But it looks like it all comes down to two fixes (three if you include the
Media player update):
a.. Object Tag vulnerability in Popup Window: CAN-2003-0838
b.. Object Tag vulnerability with XML data binding: CAN-2003-0809
The odd thing is the two "CAN-xxxx-xxxx" links don't work in the security
bulletin. If I try to match it up to the 31 IE vulnerabilities listed on
"http://www.pivx.com/larholm/unpatched" then it looks like M$ fixed 2 of the
31 (6%) leaving us with 29 (94%) IE vulnerabilities to go.
Still waiting for the other 94% of the IE fixes...
"Jupiter Jones [MVP]" <jones_jupiter@hotnomail.com> wrote in message
news:%23DN9ImkiDHA.2420@TK2MSFTNGP10.phx.gbl...
> I am viewing this thread through the Microsoft servers and I do see a
> difference.
> Perhaps you need to read more posts.
> People often point out that this information does not get enough
> publicity in these newsgroups.
> Now Microsoft posts this very information to the newsgroups and people
> complain.
> Microsoft will lose no matter what they do.
> Some of the patches need massive exposure.
> In a 2 hour time frame, I saw the information about this patch from at
> least 4 different methods.
> This is what it is sometimes necessary to do.
>
> You can pick all you want, the point is the information is getting out
> in a non threatening way.
> There are NO attachments.
> If you would like to panic over a legitimate post, what did you do
> when all the viruses were here?
>
> I obviously realize a lot more than you think, a point that should be
> obvious to you if you only look.
>
> --
> Jupiter Jones [MVP]
> An easier way to read newsgroup messages:
> http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
> http://dts-l.org/index.html
>
>
> "Invisible Dance" <dark.apostle@mindspring.com> wrote in message
> news:xqufb.19635$f11.11521@newsread1.news.atl.earthlink.net...
> > Since "Jerry Bryant [MSFT] massively cross-posted (the same
> technique the
> > 'swen' worm uses in posting to newsgroups), this is somewhat
> difficult to
> > explain, so I'll append an example of the same information that was
> posted
> > to microsoft.public.security.virus (not cross-posted as the 'swen'
> worm
> > cross-posts fake Microsoft Security bulletins [which, by the way,
> ALSO have
> > valid hot-links to appropriate Microsoft websites, it's just that
> they also
> > have a malformed header and an infected attachment]) in a much
> better
> > fashion. If you are not viewing this thread in the
> > microsoft.public.security.virus you may not realize how bad the post
> from
> > "Jerry Bryant [MSFT] looks in context.
> >
> > Realize that millons of fake, infected "Microsoft Security
> Bulletins" are
> > being sent out hourly by systems and networks infected by the 'swen'
> worm.
> > Some of us are geting a thousand or more each day. That makes it
> extremely
> > important to make every effort to insure any legitimate information
> > purporting to be from Microsoft to distinguish itself from that
> provided by
> > the 'swen' worm.
> >
> > Just in case you need a glimpse of the 'swen' worm product, look at
> (but be
> > very, very sure that you have all necessary Microsoft security
> patches and
> > Service Packs installed AND have an antivirus program with the
> latest virus
> > definitions scanning all operations of your computer before looking)
> the
> > post to microsoft.public.security.virus
> >
> > Watch this security patch
> > From: Karol
> > Sent: 02OCT03 4:18 PM EDT
> >
> >
> > The post generated by the 'swen' worm has a malformed header AND has
> the ~
> > 106,000 byte infectious attachment. Open this attached file and,
> without
> > up-to-date antivirus protection on your Windows 98 and up operating
> system
> > and your system WILL be infected.
> > ______________________
> > Quote Begins
> > ______________________
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > - ------------------------------------------------------------------
> ----
> > Title: Cumulative Patch for Internet Explorer (828750)
> > Date: October 3, 2003
> > Software: Internet Explorer 5.01
> > Internet Explorer 5.5
> > Internet Explorer 6.0
> > Internet Explorer 6.0 for Windows Server 2003
> > Impact: Run code of attacker's choice
> > Max Risk: Critical
> > Bulletin: MS03-040
> >
> > Microsoft encourages customers to review the Security Bulletins at:
> > http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
> >
> http://www.microsoft.com/security/security_bulletins/MS03-040.asp
> > - ------------------------------------------------------------------
> ----
> >
> > Issue:
> > ======
> > This is a cumulative patch that includes the functionality of all
> > previously released patches for Internet Explorer 5.01, 5.5 and 6.0.
> > In addition, it eliminates the following newly discovered
> > vulnerabilities:
> >
> > A vulnerability that occurs because Internet Explorer does not
> > properly determine an object type returned from a Web server in a
> > popup window. It could be possible for an attacker who exploited
> this
> > vulnerability to run arbitrary code on a user's system. If a user
> > visited an attacker's Web site, it would be possible for the
> attacker
> > to exploit this vulnerability without any other user action. An
> > attacker could also craft an HTML-based e-mail that would attempt to
> > exploit this vulnerability.
> >
> > A vulnerability that occurs because Internet Explorer does not
> > properly determine an object type returned from a Web server during
> > XML data binding. It could be possible for an attacker who exploited
> > this vulnerability to run arbitrary code on a user's system. If a
> > user visited an attacker's Web site, it would be possible for the
> > attacker to exploit this vulnerability without any other user
> action.
> > An attacker could also craft an HTML-based e-mail that would attempt
> > to exploit this vulnerability.
> >
> > A change has been made to the method by which Internet Explorer
> > handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer
> > Restricted Zone. It could be possible for an attacker exploiting a
> > separate vulnerability (such as one of the two vulnerabilities
> > discussed above) to cause Internet Explorer to run script code in
> the
> > security context of the Internet Zone. In addition, an attacker
> could
> > use Windows Media Player's (WMP) ability to open URL's to construct
> > an attack. An attacker could also craft an HTML-based e-mail that
> > could attempt to exploit this behavior.
> >
> > To exploit these flaws, the attacker would have to create a
> specially
> > formed HTML-based e-mail and send it to the user. Alternatively an
> > attacker would have to host a malicious Web site that contained a
> Web
> > page designed to exploit these vulnerabilities. The attacker would
> > then have to persuade a user to visit that site.
> >
> > As with the previous Internet Explorer cumulative patches released
> > with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this
> > cumulative patch will cause window.showHelp( ) to cease to function
> > if you have not applied the HTML Help update. If you have installed
> > the updated HTML Help control from Knowledge Base article 811630,
> you
> > will still be able to use HTML Help functionality after applying
> this
> > patch.
> >
> > In addition to applying this security patch it is recommended that
> > users also install the Windows Media Player update referenced in
> > Knowledge Base Article 828026. This update is available from
> Windows
> > Update as well as the Microsoft Download Center for all supported
> > versions of Windows Media Player. While not a security patch, this
> > update contains a change to the behavior of Windows Media Player's
> > ability to launch URL's to help protect against DHTML behavior based
> > attacks. Specifically, it restricts Windows Media Player's ability
> > to launch URL's in the local computer zone from other zones.
> >
> > Mitigating Factors:
> > ====================
> > - -By default, Internet Explorer on Windows Server 2003 runs in
> > Enhanced
> > Security Configuration. This default configuration of Internet
> > Explorer
> > blocks automatic exploitation of this attack. If Internet Explorer
> > Enhanced Security Configuration has been disabled, the protections
> > put in place that prevent this vulnerability from being
> automatically
> > exploited would be removed.
> >
> > - -In the Web-based attack scenario, the attacker would have to host
> a
> > Web site that contained a Web page used to exploit this
> > vulnerability. An attacker would have no way to force a user to
> > visit a malicious Web Site. Instead, the attacker would need to lure
> > them there, typically by getting them to click a link that would
> take
> > them to the attacker's site.
> >
> > - -Exploiting the vulnerability would allow the attacker only the
> same
> > privileges as the user. Users whose accounts are configured to have
> > few privileges on the system would be at less risk than ones who
> > operate with administrative privileges.
> >
> > Risk Rating:
> > ============
> > -Critical
> >
> > Patch Availability:
> > ===================
> > - A patch is available to fix this vulnerability. Please read the
> > Security Bulletins at
> > http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
> >
> http://www.microsoft.com/security/security_bulletins/MS03-040.asp
> > for information on obtaining this patch.
> >
> >
> > - ------------------------------------------------------------------
> ---
> >
> > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> > PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
> > ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> > WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
> > IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE
> > FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
> > CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
> > MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
> > POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
> > OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
> SO
> > THE FOREGOING LIMITATION MAY NOT APPLY.
> >
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 7.1
> >
> > iQEVAwUBP34rCY0ZSRQxA/UrAQFmqAgAlS+ZctG+OT7Rd49WfGdz2ISdMNZ1E1ay
> > IpWYrj5leBrc5KTLf7fadhy9209A96gppJbV6lIWqP1gvQWrWaW8XZzyhvsX7FH+
> > 922nYeQLUsPp3R+wA2jZP6OvcfTFOUqa4nDM9oisO7qMEc2SuDdQWont2IzeAf6h
> > 3P6VjblfQ72pxPAYuFSRN0xKZGzqcSKqWYwy+APgjp3a+J1tO17ur+1jhz6BgI9w
> > CZcAOxluayX6IxOixaWFBZUmiITGFImYFY1Ql+LQSdTCVv11R+IKrhAsRwfyfA9r
> > 7AqjjZfWrB/ScpPdrobt3W9eFSxgHCjMen7SIB5SuTldsWwpu7IBHg==
> > =vhUD
> > -----END PGP SIGNATURE-----
> >
> >
> > --
> > Larry Samuels MS-MVP (Windows-Shell/User)
> > Associate Expert
> > Unofficial FAQ for Windows Server 2003 at
> > http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
> > Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> >
> > _______________
> > Quote Ends
> > --
> > Invisible Dance, dark.apostle@mindspring.com
> >
> > "Jupiter Jones [MVP]" <jones_jupiter@hotnomail.com> wrote in message
> > news:e4DzU2jiDHA.3324@TK2MSFTNGP11.phx.gbl...
> > > Phil;
> > > Why are you posting "It is meant to sound harsh"?
> > > This is a newsgroup.
> > > One purpose is to exchange of information.
> > > Jerry gave information about an important Critical Update.
> > > How much more of an explanation is needed.
> > > Instead of wasting bandwidth, Jerry posted the relevant link,
> click
> > > it, the link works.
> >
> >
>
>
- Next message: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Previous message: Jupiter Jones [MVP]: "Re: Microsoft Security Bulletin MS03-040 - 828750"
- In reply to: Jupiter Jones [MVP]: "Re: Microsoft Security Bulletin MS03-040 - 828750"
- Next in thread: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Reply: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
