Microsoft is offering an Anti-Download.ject update
Straight_Man
Geeky, in my own way | Naples, FL | Icrontian
Microsoft, TODAY, offered a config fix for IE on 2000 and XP and a couple of other minor vars of Windows. This config fix is explained here:
http://support.microsoft.com/default.aspx?kbid=870669
The main email I got is here -- Microsoft said this could be spread free if quoted verbatim and in full, so I am doing so:
BEGIN PGP SIGNED MESSAGE
MICROSOFT SECURITY UPDATE
July 2, 2004
SECURITY UPDATE SUMMARY
On Friday, July 2, 2004, Microsoft is releasing a configuration change for
Microsoft Windows(r) XP, Windows 2000, and Windows Server(tm) 2003 to
address recent malicious attacks against Microsoft Internet Explorer.
LEARN MORE
To learn more about this update, review this notice on
Microsoft.com:
http://www.microsoft.com/downloadject
Windows customers are encouraged to apply this configuration change
immediately to help protect against current Internet Explorer issues. The
update is available on the Windows Update Web site.
http://windowsupdate.microsoft.com
Customers who have installed Windows XP Service Pack 2 RC2 are not
at risk and do not need this configuration change.
__________________________________________________
BEWARE OF BOGUS BULLETINS
If you get e-mail that claims to contain a Microsoft software
update, it is probably a virus trying to trick you into infecting
your computer. Microsoft never widely distributes software in e-
mail. Learn how to spot a bogus bulletin:
http://www.microsoft.com/verifymail
__________________________________________________
ADDITIONAL RESOURCES
SECURITY WEB SITE
http://www.microsoft.com/security/
HELP PROTECT YOUR PC FROM BAGLE, NETSKY, AND OTHER MASS MAILER WORMS
http://www.microsoft.com/security/incident/mass_mailer.mspx
SECURITY BULLETIN SEARCH TOOL
http://www.microsoft.com/technet/security/current.aspx
SECURITY NEWSGROUPS
http://go.microsoft.com/?LinkID=436862
PROTECT YOUR PC
http://www.microsoft.com/security/protect/
__________________________________________________
ABOUT THE MICROSOFT SECURITY UPDATE
The Microsoft Security Update is an e-mail alert service designed
for home users and small businesses that provides information about
Microsoft security updates and virus alerts. Microsoft also uses
this service to make subscribers aware that they might need to take
action to guard against a circulating security threat.
You have received this update because you are a subscriber. If
you would like to unsubscribe, follow the instructions at the bottom
of this page.
__________________________________________________
BEGIN PGP SIGNATURE
Version: PGP 8.1
END PGP SIGNATURE
To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.
You may cancel your subscription to this newsletter by doing one of the following:
* Reply to this message with the word UNSUBSCRIBE in the Subject line.
* Click mailto:1_63141_65A54939-0E66-4167-894E-965BABF5F579_US@Newsletters.Microsoft.com?subject=UNSUBSCRIBE to send an unsubscribe message.
THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE FOR INFORMATIONAL PURPOSES ONLY. The information type should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. The user assumes the entire risk as to the accuracy and the use of this document.
Microsoft.com newsletter e-mail may be copied and distributed under the following conditions:
* All text must be copied without modification and all pages must be included.
* All copies must contain the Microsoft copyright notice and any other notices provided therein.
* This document may not be distributed for profit.
One of the config changes will disable the ADODB.Stream ActiveX object that lets websites feed ActiveX and have client end surfers make use of them. There was a hole in ADODB.Stream that let a malware ActiveX object launched from a website in IE get access to the local client HD as if it were a local machine zone secured object. In essence, by using this config, you are keeping IE from running ActiveX in part at least, and possibly in large part. ActiveX objects downloaded from servers will no longer have access to local computer HDs via ADODB.exe when this config change is put in place. ActiveX functionality itself has not been code-patched; this cuts off IE links to it only. This is a config patch.
HTH some of you who were worried about this kind of local system penetration; it could break other websites from feeding some junkware\malware also. NOTE: at the bottom of the downloadject link in the email, Microsoft does say that Me, 98, and 98 SE will get security patches to deal with this, but that those are not ready yet and will not be concurrent with the XP and 2000 patch offered today.
This config does not break ADODB.Stream functions launched from outside of IE AFAIK, and Microsoft is saying it does not do so. Only ActiveX that is accessed through IE is affected, according to Microsoft's latest info that is publicly available. HOWEVER, there is one more implication of this -- please note that if you rely on remote virus scanning from vendor sites, some of them do use ActiveX and those scanners need HD access to scan HDs. If you apply this, consider it imperative to get AV for your computer. If you do not apply it, this is the ActiveX hole that can be accessed to get other new malware on your computer.
I do not know a good way to have BOTH until parts of ActiveX are reworked or XP's SP2 is released. With SP2 when it IS released, expect an IE service pack with it. That service pack has this entry into ActiveX from within IE closed by default. Those XP users with XP SP2 RC2 already installed also have this issue fixed.
Comments
Dexter...
For those who want to look it up on US-CERT's site, the email is a notify logged by them as US-CERT Technical Cyber Security Alert TA04-184A.