Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Patches Fix IE, Sony Flaws

Posted by Zonk on from the friendly-software dept.

An anonymous reader writes "Microsoft issued two security updates today, one of which fixes at least four flaws in its Internet Explorer browser, including one for which an exploit was released over Thanksgiving that is now being used by a handful of porn sites to install spyware, etc. According to Washingtonpost.com, the IE patch also removes a component left behind by a patch from Sony BMG designed to remove some of the more dangerous features of anti-piracy software installed by Sony BMG music CDs. Researchers found that the Sony patch changed settings in IE so that any Web site could install software on those machines."

19 of 174 comments (clear)

  1. two wrongs by caffeinemessiah · · Score: 5, Funny

    Wow...Microsoft cleaning up after Sony? It's like oil companies issuing nicotine patches to clean up after tobacco companies. The big fight this winter is evil vs. evil. Wooo!

    --
    An old-timer with old-timey ideas.
    1. Re:two wrongs by Anonymous Coward · · Score: 4, Funny

      You know the world is going crazy when the best golfer is black, the best rapper is white, Google fixes MS's flaws, and MS fixes Sony's flaw.

  2. Sony by Anonymous Coward · · Score: 5, Informative

    Re the Sony spyware saga, it's also worth checking out Ed Felten's latest article on XCP's eviller twin, Suncomm Mediamax. Seems Mediamax made the fatal mistake of setting out their entire scheme in an SEC filing.

  3. Re:This is bizarre by Spy+der+Mann · · Score: 5, Funny

    Or there could be pigs flying somewhere, I don't know.

    I think you mispelled "chairs".

    (sorry, couldn't resist :P )

  4. ahhhh... by Anonymous Coward · · Score: 4, Funny

    Now I can go to porn sites again without having to worry...

  5. The Good, The Bad, and The Stupid by Anonymous Coward · · Score: 5, Insightful

    If Microsoft released a patch right away, administrators would complain they are patching too often and forcing them to test internal software more.

    If Microsoft waits for the patch cycle, slashdotters complain Microsoft is purposely holding out so that they can sell anti-virus

    And normal computer users, they don't patch so it really does matter

  6. Strange by Anonymous Coward · · Score: 4, Interesting

    This is the first update in ages that requires a reboot, is the Sony rootkit that destructive?

    1. Re:Strange by DavidRawling · · Score: 5, Informative

      Pretty much. It installs poorly coded filters on the CD drives - if installed in the middle of an IO you could get a blue screen. Mark discussed this in detail.

      Much safer to remove during reboot otherwise you'd hear screams of, "The patch BSOD'd my computer!"

    2. Re:Strange by Tim+C · · Score: 4, Informative

      It's not just that, it messes with the kernel's systables. At unregister time, it puts things back the way they should be, but it anything else had yielded after grabbing an affected address but before completing the call, *boom* BSOD.

      (All from memory of reports here, don't shoot me if the terminology is wrong)

      --
      It's official. Most of you are morons.
  7. Re:This is bizarre by Eberlin · · Score: 5, Insightful

    HD-DVD vs. Blu-Ray, Xbox 360 vs. PS3, and then there's Microsoft's move into the music business. Must say there's not many things more satisfying than pointing out (and fixing) the wrongdoings of the "competition" -- ain't that right, fellow slashbots?

  8. Re:...still waiting for service pack ZONKZonk-1.0. by Kelson · · Score: 4, Interesting

    Open Slashdot->Preferences, then go to the "Homepage" tab, then look under "Customize Stories on the Homepage"

    You can disable Zonk right there -- his posts will never reach your browser again. (This is compatible with all web browsers I've tested, though you have to enable cookies. But then cookies are such delicious delicacies, you have to wonder why anyone would want to disable them other than being on a diet.)

    There's only one problem, though: This patch requires you to register with Slashdot. One wonders how responsible it is to require personal information (I hear they actually want a username and a password! At least you can use a throw-away email address) in order to use this valuable functionality.

  9. Re:Thank you Sony... by PsychicX · · Score: 5, Funny

    You'll be glad to know that, due to the PS3's extensive Wifi capabilities, Sony will be able to install copy protection on every computer in your house the moment the PS3 is powered up. Sony plans to include Linux and OSX exploits for those of you who try to be clever about it. The installed software will cause any computer to crash immediately, which Sony hails as a great technological breakthrough since their last technology, which could only destroy OSX but not Windows or Linux. And as for what happens if you try to copy a Blu-Ray disc...let's just say it's not so much "managed" copy as it is "melted" copy.

  10. Re:This is bizarre by Trogre · · Score: 4, Insightful

    Of course Microsoft wants to appear as the Knight in Shining Armour who saved us from the Evil Sony.

    Who has just invested millions in the launch of a games console, and who is the current leader in that arena?

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  11. Darn it! by Guppy06 · · Score: 4, Funny

    It's yet another article that totally forgets about the upcoming Nintendo Revolution!

    Oh, wait... this is a different Microsoft vs. Sony hissy fit?

  12. Actually, it gets better by TheSpoom · · Score: 4, Interesting

    Microsoft should now have released a patch to Microsoft Antispyware and also have their monthly Malicious Software Removal Tool (which customers running XP Automatic Updates will have automatically run) detect and delete the Sony rootkit. IMHO, very cool (if they did it, can someone confirm?)

    I submitted an article about this a few weeks ago, it was rejected for some reason. Probably too many Sony stories already. ;^)

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  13. Blu Ray by jmichaelg · · Score: 4, Insightful

    Will people remember this farce and say thanks but no thanks to Blu-Ray because they're not sure what the drivers will do to their computer? And if you can't trust Sony's Blu-Ray drivers, who's to say the HD-DVD drivers will be any safer?

    It would be ironic if somebody at Sony who was worried about selling a few copies of a country-western CD ended up jeopardizing a billion dollar market.

  14. Wow, should MS be sued under the DMCA? by mixonic · · Score: 5, Interesting

    Neat!

    So, since MS is keeping Sony from installing their "DRM" spy^H^H^Hsoftware, you can say they are circumventing Sony's DRM software, PLAINLY against the DMCA. The only question is.....who do we cheer for when evil sues evil over evil with evil laws?

    -mix

  15. Yes, MSRT removes F4I by ScottCooperDotNet · · Score: 4, Informative
    Yes, Microsoft's Malicious Software Removal Tool removes First 4 Internet Rootkit as of December 7th.

    "WinNT/F4IRootkit is a kernel-mode rootkit used for copy protection on certain Sony BMG audio CDs. There are several versions of this rootkit. The rootkit hides certain Windows system resources, including files, processes, and registry settings. The rootkit can be used by attackers to hide malicious content on the computer." -Microsoft

    http://www.microsoft.com/security/malwareremove/fa milies.mspx

    http://www.microsoft.com/security/encyclopedia/det ails.aspx?name=WinNT%2FF4IRootkit

  16. OMGWTFBBQ???!!!!11!! by multipartmixed · · Score: 4, Funny

    > Researchers found that the Sony patch changed settings in IE so
    > that any Web site could install software on those machines."

    Wait. So, Sony is setting IE back to its default security settings?

    That hardly seems newsworthy.

    --

    Do daemons dream of electric sleep()?