See other Science/Tech Articles
Title: Microsoft Offers Download Workaround For IE Bug
Source:
TechWeb News
URL Source: http://www.developerpipeline.com/sh ... icle.jhtml?articleId=165700441
Published: Jul 6, 2005
Author: TechWeb News
Post Date: 2005-07-09 14:47:40 by RickyJ
Keywords: Workaround, Microsoft, Download
Views: 54
Comments: 4
Microsoft on Tuesday posted a temporary workaround to a bug in Internet Explorer that could let an attacker grab control of a PC. A patch to actually fix the problem, however, is not yet available. The vulnerability, which first surfaced last week in a security advisory, involves the "Javaprxy.dll" file, which is part of the Microsoft Java Virtual Machine, and handles ActiveX controls. A hacker could exploit the bug to make IE crash or even insert his own code onto the system. The workaround, which users can download from Microsoft's Download Center, disables Javaprxy.dll by modifying the Windows registry. The same can be done manually, but most users are unfamiliar with that crucial component of the operating system; an error in the registry can make Windows unbootable. The affected versions of IE include 5.01 SP3 and SP4, 5.5 SP2, 6.0, and 6.0 SP1 on Windows 98, Me, 2000, XP (including the vaunted security update, XP SP2), and Windows Server 2003 (including that OS's recently-released SP1). A Microsoft spokesperson said that the download would be placed on Windows Update "as soon as possible," and that the update would be included in a future security bulletin. The next scheduled bulletin roll-out is Tuesday, July 12, but Microsoft hasn't committed to adding this fix to that bunch. Danish security firm Secunia characterized the gaffe as "Extremely critical," the highest rating in its five-step system. Although there's yet no evidence of active attacks on IE based on the vulnerability, U.S.-based security vendor Symantec reported as early as Saturday that exploit code had gone public. "Comments within the exploit claim that it has been tested on Microsoft Windows XP SP1 and Microsoft Windows XP SP2 systems," Symantec's DeepSight Threat network reported. "The DeepSight Threat Analyst Team was unable to successfully exploit a Microsoft Windows 2000 test system using this exploit, however, minor modifications to the code may allow a successful attack." Symantec also said it was monitoring port 28876, the port used by the public exploit to target vulnerable PCs, but that "currently, there is no indication of elevated activity targeting this port." Links to the various downloads -- one for each of the IE editions -- can be found in the updated security advisory.
Post Comment Private Reply Ignore Thread
Top • Page Up • Full Thread • Page Down • Bottom/Latest
#1. To: All (#0)
If you haven't got it yet, then do yourself a favor and get Firefox.
God is always good!
I agree.
The means of defense against foreign danger historically have become the instruments of tyranny at home. – James Madison
How about "If you haven't got it yet, then do yourself a favor and get OS X". Or stick with Windows, and deal with the daily patch to patch the patch that patches the patch to patch the problem created by the patch patching the patched version of the previous patch. I'd print a list of all of the virii, worms, slugs, spiders, gnats, chiggers, no-see-ums and Trojan horses currently active in the Windows community, but that would overload the Internet and then everyone would be all upset with me....
#2. To: RickyJ (#1)
If you haven't got it yet, then do yourself a favor and get Firefox.
#3. To: robin (#2)
If you haven't got it yet, then do yourself a favor and get Firefox.
 | Gold and silver are real money, paper is but a promise. |
#4. To: Elliott Jackalope (#3)
I use Linux and Windows. Linux (Fedora) is almost friendly enough for general consumption. Actually, the main problem is that not enough of the popular games play on it yet (according to my son).
The means of defense against foreign danger historically have become the instruments of tyranny at home. – James Madison
Top • Page Up • Full Thread • Page Down • Bottom/Latest