Slashdot Mirror
Microsoft Patches Fix IE, Sony Flaws
An anonymous reader writes "Microsoft issued two security updates today, one of which fixes at least four flaws in its Internet Explorer browser, including one for which an exploit was released over Thanksgiving that is now being used by a handful of porn sites to install spyware, etc. According to Washingtonpost.com, the IE patch also removes a component left behind by a patch from Sony BMG designed to remove some of the more dangerous features of anti-piracy software installed by Sony BMG music CDs. Researchers found that the Sony patch changed settings in IE so that any Web site could install software on those machines."
Re the Sony spyware saga, it's also worth checking out Ed Felten's latest article on XCP's eviller twin, Suncomm Mediamax. Seems Mediamax made the fatal mistake of setting out their entire scheme in an SEC filing.
Pretty much. It installs poorly coded filters on the CD drives - if installed in the middle of an IO you could get a blue screen. Mark discussed this in detail.
Much safer to remove during reboot otherwise you'd hear screams of, "The patch BSOD'd my computer!"
It's not just that, it messes with the kernel's systables. At unregister time, it puts things back the way they should be, but it anything else had yielded after grabbing an affected address but before completing the call, *boom* BSOD.
(All from memory of reports here, don't shoot me if the terminology is wrong)
It's official. Most of you are morons.
"WinNT/F4IRootkit is a kernel-mode rootkit used for copy protection on certain Sony BMG audio CDs. There are several versions of this rootkit. The rootkit hides certain Windows system resources, including files, processes, and registry settings. The rootkit can be used by attackers to hide malicious content on the computer." -Microsoft
http://www.microsoft.com/security/malwareremove/fa milies.mspx
http://www.microsoft.com/security/encyclopedia/det ails.aspx?name=WinNT%2FF4IRootkit