[pchelpers] don't use Internet Explorer, Outlook, or Outlook Express for 2 weeks

Quoted from
http://blog.washingtonpost.com/securityfix/2006/09/newly_detected_ie_exploit_spel.html

Newly Detected IE Exploit Spells Massive Spyware Trouble

This new exploit, combined with two other publicly available exploits 
for a separate, unpatched IE flaw, should give pause to anyone using the 
Microsoft browser. My advice: If you or someone you care about is in the 
habit of cruising the Web with IE, now would be a very good time to get 
acquainted with another browser that doesn't use IE's rendering engine, 
such as Firefox or Opera. www.mozilla.com www.opera.com
...
"Usually, as soon as we see these things in the wild like this they 
start spreading very quickly," Sites said.
...
A previously undocumented flaw in Microsoft's Internet Explorer Web 
browser is reportedly being exploited by online criminals to install an 
entire kitchen sink of malicious software on any computer that visits 
any of a handful of sites currently exploiting the vulnerability.
...
Sites said Sunbelt had notified Microsoft of the discovery. I put in a 
call to the company late Monday but haven't heard back yet. I will 
update the blog when I hear back or when the company issues an advisory 
about this.

This whole thing is starting to smell a lot like the activity that 
preceded similar attacks on an unpatched IE flaw at the beginning of the 
year. For a week or so at the end of 2005, a handful of crime groups 
were using an undocumented IE vulnerability to attack people who visited 
a small number of fringe or hardcore porn Web sites, and Microsoft 
downplayed the threat from it by noting that fact. As the new year 
arrived, however, hundreds of legitimate Web sites had been compromised 
and were installing spyware on the computers of any user who visited 
them with the IE browser.
(end of quote)

If you absolutely must use Internet Explorer or Outlook Express or 
Outlook, MS has some geeky workarounds here:
http://www.microsoft.com/technet/security/advisory/925568.mspx

Or you can download the third-party patch that George told us about:
http://isotf.org/zert/
http://isotf.org/zert/download.htm

More info about Outlook, but the info about OE is wrong; OE is 
vulnerable (see MS link):
http://www.infoworld.com/article/06/09/21/HNoutlookvmlbug_1.html


Comment on
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
http://www.haloscan.com/comments/alexeck/115862151050439884/
"With Firefox, the source code is available for everyone to look at. 
Yes, this means that the "bad guys" get to look for stuff they can 
exploit ..... but it also means that the "good guys" get to look for 
stuff that the "bad guys" can exploit. And since there are more good 
guys than there are bad guys, any potential problem that exists is more 
likely to be found by a good guy (and promptly fixed) than by a bad guy.

There is a lot less shame in making a mistake and learning from it, than 
there is in covering up a mistake."
(end of quote)

This was mentioned in the blog comments at the link above and looks very 
interesting:
http://www.sys-manage.com/english/products/products_BufferShield_Exploits.html

http://sunbeltblog.blogspot.com/2006/09/minor-change-to-vml-exploit-mitigation.html

http://www.secguru.com/node/311


-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
