Slashdot Mirror


Two Unofficial IE Patches Block Attacks

Pentrex writes "eWeek reports that two well-respected Internet security companies (eEye and Determina) have released unofficial patches to correct the vulnerability being exploited to load spyware, bots and Trojan downloaders on Windows machines. Microsoft isn't sanctioning the third-party patches, which include source code for review. As always, the advice is to weigh the risks before opting for an unofficial hotfix."

6 of 233 comments

  1. How do they even write these patches??? by MoxFulder · Score: 4, Interesting

    I don't even understand how they manage to *write* third-party patches. I mean, it must be hard as hell to do without the IE source code. I think they write a separate DLL which acts as an intermediary to the flawed insecure library or something, but it sounds like an enormous pain-in-the-ass process. Or do these companies have access to MS code through Shared Source program or something?

    Yep, the more I watch the ills that befall the Microsoft-bound, the more I'm happy with my decision to go Linux-only a few years back.

    1. Re:How do they even write these patches??? by QuantumG · Score: 4, Interesting

      You should do your work here in Australia. We have laws that guarantee our right to reverse engineer software to fix security issues.

      --
      How we know is more important than what we know.
    2. Re:How do they even write these patches??? by Anonymous Coward · Score: 5, Interesting

      I don't use debuggers as much as you'd think. I prefer to disassemble the code and read it until I understand what's going on, and then confirm it with a debugger. Some other people use debuggers as their primary tool, and resort to disassemblers only when they are really stuck. I guess it's just a matter of personal preference and temperament.

      When I do use a debugger, it's usually WinDbg. I like the command line interface and it has very good support for all versions of Windows. A lot of other security researchers use OllyDbg. For kernel debugging I use both WinDbg and SoftIce. SoftIce has the advantage of being able to follow code from user space to kernel space and back, which is very useful for analyzing kernel vulnerabilities.

      Alexander Sotirov
      Security Research
      Determina Inc.

  2. Re:Free as in... by Arandir · Score: 3, Interesting

    In an old interview Bill Gates said, and I paraphrase, "people don't pay for bug fixes." This explains a lot.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  3. opensource? by sumdumass · Score: 3, Interesting

    It would be interesting to see Microsoft's official patch when it becomes available and attempt to see how close it is to these unofficial patches.

    Maybe the code would be completely different, but would it achieve its goal by going about the same ways as the unofficial patch? Or would it be patched on a level deeper than we could access? I guess the most interesting part would be that a third party without access to the source code could actually come together with a solution before Microsoft. What would be more interesting is seeing how close those solutions match each other. Sort of a test of how these third-party programmers can predict the necessity or order of different code they only have limited access to.

  4. Re:In memory fix by Zenki · Score: 3, Interesting

    Then how do you expect debugging to work? Pretty much all OSes offer an API to let the debugger read/write bytes from program memory. A similar hack could be done on Linux by writing into /proc.
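The mechanism the first comment asks about (an intermediary that sits in front of the flawed routine) and the fourth describes (writing the fix into live process memory), shown as an added example that is not code from this thread or from either vendor's patch. It assumes a constructed flawed routine `parse_record`, a dispatch table standing in for a DLL import table, and Linux `mprotect` in place of the Windows `VirtualProtect` dance.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Every slot in the dispatch table shares this signature. */
typedef int (*handler_t)(const char *src, size_t len);

/* Constructed stand-in for the flawed library routine: it copies len
 * bytes into a 16-byte buffer and never checks len. */
static int parse_record(const char *src, size_t len) {
    char buf[16];
    memcpy(buf, src, len);                  /* the defect being hot-patched */
    buf[len < sizeof buf ? len : sizeof buf - 1] = '\0';
    return (int)strlen(buf);
}

/* The table callers go through, like an import table: one page,
 * populated once and then locked read-only as a loader would. */
static handler_t *dispatch = NULL;
static size_t table_bytes = 0;
static handler_t original_parse = NULL;     /* kept so the shim can delegate */

int init_dispatch_table(void) {
    table_bytes = (size_t)sysconf(_SC_PAGESIZE);
    dispatch = mmap(NULL, table_bytes, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (dispatch == MAP_FAILED) { dispatch = NULL; return -1; }
    dispatch[0] = parse_record;
    return mprotect(dispatch, table_bytes, PROT_READ);
}

/* The intermediary: refuse input the original would overflow on, then
 * hand everything else to the untouched original code. */
static int guarded_parse_record(const char *src, size_t len) {
    if (src == NULL || len >= 16) return -1;
    return original_parse(src, len);
}

/* The in-memory fix: unlock the page, swap the slot, lock it again. */
int apply_hotfix(void) {
    if (dispatch == NULL) return -1;
    if (dispatch[0] == guarded_parse_record) return 0;   /* already applied */
    if (mprotect(dispatch, table_bytes, PROT_READ | PROT_WRITE) != 0) return -1;
    original_parse = dispatch[0];
    dispatch[0] = guarded_parse_record;
    return mprotect(dispatch, table_bytes, PROT_READ);
}

/* What the rest of the program calls; it never learns a patch was applied. */
int dispatch_call(size_t slot, const char *src, size_t len) {
    return dispatch[slot](src, len);
}
```

The flawed code itself is never rewritten; callers reach it only through the swapped slot, which is why such a fix can be built and reviewed without the library's source.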