Printable View
Microsoft have released a configuration change on Windows Update which will prevent Download.Ject and other attacks using that unpatched IE vuln that's been in the news recently.
The easiest way to make the change is with a new patch on Windows Update. More info is also available at:
http://support.microsoft.com/?kbid=870669
http://www.microsoft.com/presspass/p...nfigchange.asp
<bump>, just to keep it visible for another day.
Thanks. I would make it sticky, but, boy, do we have a lot of them already.
Actually.. I'll make it sticky anyway.
The patch isn't all that effective and in essence the vulnerabilty still exists. Rather than attacking ADODB.Stream, an attack can be made against the Shell.Application instead...with essentially the same results.
See: Microsoft Patch Leaves Holes Open
http://story.news.yahoo.com/news?tmp...pcworld/116796
VerLux--Naturellement, c'est votre choix. But this does not reach the sticky level in my opinion. Very time-limited value and very specific in my opinion.
You're right.. I should've just stuck it briefly. :)Quote:
Originally posted by Welshjim
VerLux--Naturellement, c'est votre choix. But this does not reach the sticky level in my opinion. Very time-limited value and very specific in my opinion.