Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE Download.Ject Exploit Fixed

Posted by simoniker on from the round-and-round dept.

Saint Aardvark writes "Just in time for the weekend, the Internet Storm Center is reporting that Microsoft is providing a fix for the Download.Ject vulnerability that hit IE late last month. The press statement says that it'll hit Windows Update later today..."

8 of 421 comments (clear)

  1. FYI by arieswind · · Score: 4, Informative

    This configuration change to the Windows XP, Windows Server 2003 and Windows 2000 operating systems improves system resiliency to protect against the Download.Ject attack.

    In addition to this configuration change, which will protect customers against the immediate reported threats, Microsoft is working to provide a series of security updates to Internet Explorer in coming weeks that will provide additional protections for our customers.

    Please note that this isnt a fix, it is only a configuration change to help defend against the problem and nullify the threat from the known places it is spreading from. No doubt that within a short time, whoever is behind the virus will find other places to have the virus attack from. This is just another "this will help for now, please wait for the real fix" incident from Microsoft.

    1. Re:FYI by Anonymous Coward · · Score: 5, Informative

      Nope:

      Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer (KB870669)
      Adodb.stream provides a method for reading and writing files on a hard drive.

      Quick Info
      File Name:
      Windows-KB870669-x86-ENU.exe

      Download Size:
      104 KB

      Date Published:
      7/2/2004

      Version:
      870669

      Overview
      Adodb.stream provides a method for reading and writing files on a hard drive. This by-design functionality is sometimes used by web applications. However, when combined with known security vulnerabilities in Microsoft Internet Explorer, it could allow an internet web site to execute script from the Local Machine Zone (LMZ). This occurs because the ADODB.Stream object allows access to the hard drive when hosted within Internet Explorer.

      It has nothing to do with known threats.

  2. Re:Um by Zed2K · · Score: 4, Informative

    You can make it completely automatic on 2000 also.

  3. What about ActiveX? by jZnat · · Score: 4, Informative

    They might've found one way to prevent the auto-download, but there are still plenty of ways to force a download using ActiveX. Even with that, there are still a few ways to run them too; methods that are still unknown to most assholes trying to get you to buy their pills that give you bigger penis-breasts-ego-wallet-spyware-car-wife-mom-WMDs .

    --
    'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
  4. Re:Um by sid+crimson · · Score: 4, Informative

    I don't need the Euro conversion utility. I don't need windows media player 9.


    Autoupdate only installs "critical" patches. WM9 and the Euro tool are not such updates.

    -sid
  5. Microsoft released a fix a long time ago by Sheepdot · · Score: 5, Informative
    Ever wondered how IE exploits get a whole executable to your computer?

    Wonder no more. 11 months of IE exploits and at least a year or two's worth of future exploits can be avoided with one simple registry change. The problem that MS has isn't that they are incompetent, it's that they insist on leaving default features that are used by 1% of administrators like myself.

    98% of spyware released since January 2004 can be avoided with the above registry fix. If you think that statistic is outrageous, I challenge you to find one piece of malware installed without using ADODB.Stream in one way, shape, or form. Be forewarned, I make and research IE exploits for a living and wouldn't make this kind of a claim without having the data to back it up.

    1. Re:Microsoft released a fix a long time ago by jesser · · Score: 4, Informative

      11 months of IE exploits and at least a year or two's worth of future exploits can be avoided with one simple registry change.

      The registry change you point to only affects the ADODB.Stream object. While holes involving ADODB.Stream may have made up a large porportion of successful exploits by spyware (as you claim), there have been other arbitrary-code-execution vulnerabilities in Internet Explorer during the time period you mention.

      I'm guessing that there have been several zone-jumping holes, and ADODB.Stream makes all zone-jumping holes into arbitrary-code-execution holes. Is that what you mean by "using ADODB.Stream in one way, shape, or form"?

      I make and research IE exploits for a living and wouldn't make this kind of a claim without having the data to back it up.

      I find and fix Mozilla security holes as a hobby and I think you're making stuff up.

      --
      The shareholder is always right.
  6. IE Download.Ject Exploit *not* fixed by yeremein · · Score: 4, Informative
    ... this update is actually just a configuration change that disables the ADODB.Stream object from within Internet Explorer.
    The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone.

    No security vulnerabilities have actually been fixed here; all that's happened is that some functionality (which exacerbated existing security holes and was probably a bad idea to begin with) has been disabled.