Slashdot Mirror

← Back to Stories (view on slashdot.org)

Two Unofficial IE Patches Block Attacks

Posted by ryuzaki0 on from the egg-is-good-for-the-complexion dept.

Pentrex writes "eWeek reports that two well-respected Internet security companies (eEye and Determina) have released unofficial patches to correct the vulnerability being exploited to load spyware, bots and Trojan downloaders on Windows machines. Microsoft isn't sanctioning the third-party patches, which include source code for review. As always, the advice is to weigh the risks before opting for an unofficial hotfix."

3 of 233 comments (clear)

  1. How do they even write these patches??? by MoxFulder · · Score: 4, Interesting

    I don't even understand how they manage to *write* third-party patches. I mean, it must be hard as hell to do without the IE source code. I think they write a separate DLL which acts as an intermediary to the flawed insecure library or something, but it sounds like an enormous pain-in-the-ass process. Or do these companies have access to MS code through Shared Source program or something?

    Yep, the more I watch the ills that befall the Microsoft-bound, the more I'm happy with my decision to go Linux-only a few years back.

    --
    My bicyles
    1. Re:How do they even write these patches??? by QuantumG · · Score: 4, Interesting

      You should do your work here in Australia. We have laws that guarentee our right to reverse engineer software to fix security issues.

      --
      How we know is more important than what we know.
    2. Re:How do they even write these patches??? by Anonymous Coward · · Score: 5, Interesting

      I don't use debuggers as much as you'd think. I prefer to disassemble the code and read it until I understand what's going on, and then confirm it with a debugger. Some other people use debuggers as their primary tool, and resort to disassembers only when they are really stuck. I guess it's just a matter of personal preference and temperament.

      When I do use a debugger, it's usually WinDbg. I like the command line interface and it has very good support for all versions of Windows. A lot of other security researchers use OllyDbg. For kernel debugging I use both WinDbg and SoftIce. SoftIce has the advantage of being able to follow code from user space to kernel space and back, which is very useful for analyzing kernel vulnerabilities.

      Alexander Sotirov
      Security Research
      Determina Inc.