You're not gonna believe this

I've been working on computers for years and this comes as no surprise at all... like the person that started the blaster worm said, "Billy Gates, stop making so much money and fix your damn software."
 
A discussion about how good the MS "patch" really does the job has been going on for several days. The original fix for this vulnerability was not the now famous "msblast" patch but a later patch released August 20th, and revised August 28th. And now revised again.

To test if you are vulnerable there is a test page:
 
Do you use Windows? Oh, would you like a little wine with your swiss cheese? [bigsmile]

Cheers!
 
The vulnerability test spawned two warnings from my virus scanner, I deleted the incoming files, and then got the popup saying I am vulnerable.

Can I safely conclude the virus scanner shields me against attacks of this kind, or did it merely catch part of it and the fact that the popup came suggests I'm still vulnerable?


"Much that I bound, I could not free. Much that I freed returned to me."
(Lee Wilson Dodd)
 
Sashanan,

This suggests you have strong anti-virus controls against downloading ActiveX controls but are vulnerable once an ActiveX control is executed.

Patch. The controls enter your system through various backdoors and not through a means that can always be seen by a virus scanner.

 
When will Microsoft release an update for IE 822925?
 
822925 is the Cumulative Update and is less than a month old, having been released August 20th and revised August 28th.

Sort of a little early for a monthly update, and many months have no Cumulative update at all.

 
Well, I'm afraid I'm not allowed to patch (this is a work machine and Windows updating/patching is handled centrally) and at home I run Win 98, which as I understand it is safe from this particular problem, but I'll be sure to bring up the issue with the IT manager.


"Much that I bound, I could not free. Much that I freed returned to me."
(Lee Wilson Dodd)
 
Q822925 does not contain security patches. It is a Cumulative Update for IE.

Your article discusses the sufficiency of the original RPCSS patch, which is not in 822925.

You need the September 10, 2003 patch referred to originally by smah in the first message of this thread and in subsequent messages, not an update to IE.

 

Thursday 11th September 2003

Critical Internet Explorer patch 'does not work'
Patrick Gray
ZDNet Australia
September 08, 2003, 09:40 BST

A fix to a serious bug in Microsoft's browser is still not working properly after a re-release, according to the firm that discovered the flaw



A patch released by Microsoft to fix a critical security vulnerability in Internet Explorer does not work, according to security experts.

The "object type" vulnerability was discovered by eEye Digital Security around four months ago. A patch was released on 20 August -- and then re-released on 28 August, because under some circumstances it caused problems for some non-default operating system installations -- and looks due for yet another re-release because it simply doesn't fix the vulnerability it is supposed to, eEye said.

The vulnerability can be exploited by crafting a malicious HTML file that, when viewed by an Internet Explorer browser, extracts and executes malicious code.

Speaking to ZDNet Australia by phone from the US, Marc Maiffret, eEye's chief hacking officer, said the vulnerability is particularly critical because it doesn't take a lot of effort to take advantage of. "It's pretty serious just because it's so easy to exploit... it doesn't require someone to know how to write buffer overflow exploits or anything like that."

Maiffret says Microsoft should have done a better job to begin with. "How do you take four months to fix something this simple and then not fix it correctly?" he asked. "It seems like they are taking security seriously... [but] at the same time I don't think they're really investing."

The lack of suitably skilled security engineers within the company is one reason Maiffret says this incident -- described by the researcher who discovered the flaw in the patch as a "pathetic oversight" -- has occurred. "A lot of it comes from having the right people in-house," Maiffret said. "They have some very smart guys in there, but they definitely don't have enough."

The problem with the security fix was first made public by malware.com and Maiffret sincerely doubts that Microsoft were informed prior to the disclosure. "They discovered it and they're getting the information out there... I'm not sure if they gave Microsoft the information, which is usually the best way," he said.

Prior to the release of the patch, Maiffret's team looked over the patch and didn't see any problems, but he says it was a quick "once over" -- not a detailed audit. "[Our] researchers were just helping out, it's not like MS were paying us for this," he said. Microsoft use external security code auditors, which in this case were not doing enough, Maiffret says.

Concerned users can disable active scripting on their browsers to mitigate the vulnerability until Microsoft makes a patch available.
 
And?

This is not Q822925 they are discussing.
 

Emphasis Mine. From the MS03-032 Technical Description:

The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.

 
Oh yes it is, you are obviously not checking out the links! In my above post click on "A patch released by Microsoft" in


this takes you to this page in zdnet


and from there you click on "Web site.", which is in blue and underlined for you!

this does indeed take one to this site:


which is for 822925!!!!!!!!!!!!!!!!!!
 
"The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as 3 newly discovered vulnerabilities."


 
From what I currently understand, none of the patches provided by Microsoft completely fixes this program, as there are more vulnerabilities than Microsoft can currently fix with their patches (or probably more than they even know about).
 