Zero-Day Team Launches with Emergency IE Patch
Holy Mother of Thor writes to mention an eWeek article about a third-party patch for Internet Explorer. A dark horse security group formed after the WMF attacks in late 2005, the ZERT (Zero Day Emergency Response Team) has released a patch to attempt to slow the malware attacks on Windows. From the article: "'It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We're seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread,' Stewart said in an interview with eWEEK. Stewart, who is volunteering his reverse-engineering skills and time to ZERT in his private capacity, wrote an early version of the VML (Vector Markup Language) patch the group released Sept. 22 and worked closely with others to fine-tune the update to minimize potential glitches."
I'm just amazed that it took this long for it to become big news that this kind of thing is going on.
Honestly I'm surprised it took this long for something like this to happen. You patch once a month on a specific day... obviously they are going to time their attacks for when they will inflict the most damage.
This is neat. Kudos to these guys, and I'm glad they're doing what they're doing.
But it isn't a long-term solution; it still depends on human-speed recognition of the exploit and development of a patch.
What we need is the spread of viruses/worms/trojans whose payload is the removal of malware. Internet antibodies, as it were. The ultimate goal ought to be an antibody - or, to coin a term, an ant.iBody (ant.eBody?) - software that heuristically determines what is malware and what is legitimate software, preventing the former while allowing the latter and propagates itself across the network.
Of course, deploying something like that would break all sorts of computer security laws...but it's not like that stops anything else.
Reality has a conservative bias: it conserves mass, energy, momentum...
I think they should have been a LOT more religious about writing secure code back when they claimed to be focusing on security and such. I haven't noticed any slowdown in the frequency of new exploits and no real increase in the delivery of patches. But if they haven't found religion in writing secure code, I think it's about time they did.
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
"But telling someone that if they come across a site that FF doesn't work with - the site isn't worth it for them, and it turns out their BANKING or STOCK site doesn't work ... well your credibility just got shot down."
I disagree. It just means their BANKING site doesn't pay much importance to security and so it isn't worth it in the long run.
Easy, shove a .reg file to the machine to disable access to that tab. Easy to bypass, yes. For a geek. But for a general user, not quite so easy for them.
GPO. Then they can't bypass it because the setting will be re-applied.
Also, you can edit one of Firefox's files that's just plain text to hide those menu settings. It's been a while since I've done it, but if you do a search for firefox and kiosk you should find the instructions.
and the second point:
Firefox plug-in IE View
Description: Lets you load pages in IE with a single right-click, or mark certain sites to *always* load in IE. Useful for incompatible pages, or cross-browser testing.
I like the idea that you can tell users, if it doesn't seem to look right, try this...and then have them default the few non-compatible sites to use IE. Trains them that IE is 'different' and Firefox is more standard.
People in cars cause accidents....accidents in cars cause people