Latest security glitch

  • Thread starter Thread starter BXPS
  • Start date Start date
B

BXPS

Does anyone know, regarding the latest security hole announced on July 6, can
we avoid fooling around with the workaround by simply switching to Firefox or
another browser until a patch is released?
 
What latest security hole would that be?

: Does anyone know, regarding the latest security hole announced on July 6,
can
: we avoid fooling around with the workaround by simply switching to Firefox
or
: another browser until a patch is released?
 
Has anyone tried using the registry-modification workaround listed in
http://www.microsoft.com/technet/security/advisory/972890.mspx yet?

It seems like you'd have to make a big honking registry file with all 40-something entries
listed set to the "Compatibility Flags"=dword:00000400 value.

But I wonder if that change (manual/scripted/deployed) could be updated accommodated by
whatever MSFT would issue come Patch Tuesday...

BXPS - I would imagine that using FFox would be a good start, but if IE gets called by
another application (say email link to URL), that might be enough protection...

TIA,
BM
 
Typo:
should be "but if IE gets called by another application (say email link to URL), that NOT
might be enough protection..."
 
Download the MicrosoftFixit50287.msi from this KB article, save it, and
apply it to the systems that need it:

Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX
control could allow remote code execution
http://support.microsoft.com/kb/972890

There's also a ' Disable workaround Fixit ' on the page for when the
patch is released but ... since the patch will set the same killbits
that the Fixit does, there should be no need to install it unless there
are other Security fixes included ... as in a Cumulative Security Update
for IE.



MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
 
Okay, thanks!

MowGreen said:
Download the MicrosoftFixit50287.msi from this KB article, save it, and
apply it to the systems that need it:

Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX
control could allow remote code execution
http://support.microsoft.com/kb/972890

There's also a ' Disable workaround Fixit ' on the page for when the
patch is released but ... since the patch will set the same killbits
that the Fixit does, there should be no need to install it unless there
are other Security fixes included ... as in a Cumulative Security Update
for IE.



MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
Click to expand...
 
Would you suggest that this "FixIt" be used on my Vista also?

I read "Though unaffected by this vulnerability, Microsoft is recommending
that Windows Vista and Windows Server 2008 customers remove support for this
ActiveX Control within Internet Explorer using the same Class Identifiers as
a defense-in-depth measure."

And does anyknow know what they mean by: "using the same Class Identifiers
as a defense-in-depth measure?"
 
Although there is nothing on the Fixit page that says it's for Vista, it
is, Alice.
All it will do is set the same killbits for the CLSIDs that are listed
in the Security Advisory:

General Information > Suggested Actions > Workarounds
The CLSIDs are listed under Workarounds
The automated Fixit tool sets killbits so that none of the CLSIDs listed
can run.

Since there is no legitimate use of the ActiveX in question, applying
the Fixit to a Vista system provides what MS describes a 'defense in
depth' .
In plain English ... applying the Fixit will *not* cause any loss of
functionality and despite the fact that Vista is not vulnerable to this
exploit, provides another layer of protection, just in case. <w>


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
 
BXPS said:
Does anyone know, regarding the latest security hole announced on
July 6, can we avoid fooling around with the workaround by simply
switching to Firefox or another browser until a patch is released?
Click to expand...

It almost seems that way. The problem is ActiveX in IE.
 
MowGreen said:
Although there is nothing on the Fixit page that says it's for Vista,
it is, Alice.
All it will do is set the same killbits for the CLSIDs that are listed
in the Security Advisory:

General Information > Suggested Actions > Workarounds
The CLSIDs are listed under Workarounds
The automated Fixit tool sets killbits so that none of the CLSIDs
listed can run.

Since there is no legitimate use of the ActiveX in question, applying
the Fixit to a Vista system provides what MS describes a 'defense in
depth' .
In plain English ... applying the Fixit will *not* cause any loss of
functionality and despite the fact that Vista is not vulnerable to
this exploit, provides another layer of protection, just in case. <w>


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
Click to expand...

JEEZ, can NO ONE read anymore??

From the KB article:

Customers who are using Windows Vista or Windows Server 2008 are not
affected because the ability to pass data to this control within
Internet Explorer has been restricted.

..By default, Internet Explorer on Windows Server 2003 and 2008 runs in a
restricted mode that is known as Enhanced Security Configuration.
Enhanced Security Configuration is a group of preconfigured settings in
Internet Explorer that can reduce the likelihood of a user or
administrator downloading and running specially crafted Web content on a
server. This is a mitigating factor for Web sites that you have not
added to the Internet Explorer Trusted sites zone. See also Managing
Internet Explorer Enhanced Security Configuration.

 
Back
Top