Microsoft to Issue Out-of-Cycle Patch for IE

rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with FireFox.

Re:Firefox is not the answer.

[the_mad_poster]

What a load.

Give me a broken site with a significant level of traffic (in other words, don't give me some 13 year old kid's site hosted off Geocities) that doesn't work in Firefox 0.8. Or, were you talking out your ass?

I use it exclusively on three different boxes - the only exception is work where I'm forced to use IE and I limit my browsing to about a dozen sites. 0.7 solved almost all of the rendering "problems" that the multitudes of completely clueless web developers caused. I've never seen a site render improperly in 0.8 except /., and even this broken-ass POS loads right most of the time now that I use 0.8. The rare exceptions to this rule are the occasional sites that are so broken they have a browser sniffer. I've encountered ONE site of significance like that (other sites were all personal sites playing stupid Javascript parlor tricks). Changed the UA and it worked just fine. Company caved to complaints less than 2 days after launching said broken-ass site and removed the sniffer.

I call bullshit.

Reading.. MS... Alerts... SOOOO... FRUSTRATING!!!!

[Asprin]

Is it me or is MS security information getting harder to read?

The article sez that last week MS released a "DOWNLOAD.JECT payload removal tool" to help deal with the infections. So, I followed the link to MS's web site. There, I eventually reached MS's download page for the removal tool specifies and *doesn't* specify some interesting things:

1. Only works on Win2K and WinXP. Didn't DL.ject infect 95, 98 and NT as well? SCREWED!
2. Apparently, this 'tool' only removes the W32/Berbew virus, sez nothing about removing download.ject itself. Maybe? Maybe not? No info at all.
3. The instructions continually refer to this tool as an installer, but gives no indication how to run the tool after it is 'installed', other than to say that you can delete the installer and the program it installed will not appear in the add/remove programs list. (I don't think it actually "installs" anything, but they are using installer language to avoid confusing users. They failed.)

Not getting any funner, is it?

Re:The mounting pressure

[SethJohnson]

Indirectly. Halliburton, which was run by our Vice President until 2000, frequently receives no-bid contracts for millions of dollars, and then subcontracts the work for tens of thousands of dollars. And requently, there isn't any work being done under contracts, anyway.

"We saw very little concern for cost considerations," David Walker, head of the General Accounting Office, the investigative arm of the Congress, told members of the Congress who attended a hearing at the Government Reform Committee in the House of Representatives. "There are serious problems, they still exist, and they are exacerbated in a wartime climate."