Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/927892.mspx

Note, the vulnerability is not in IE, although IE is used as an infection vector.

Note that the associated KB is not yet live at time of writing:
http://support.microsoft.com/kb/927892

Specifics:
Microsoft is aware of a new, publicly disclosed, vulnerability report affecting the XMLHTTP 4.0 ActiveX Control, which is part of Microsoft XML Core Services 4.0. This vulnerability affects the software that is listed in the “Overview” section.

Microsoft XML Core Services 4.0 installed on Windows 2000 SP4, Windows XP SP2 and Windows Server 2003 SP0/SP1 includes the vulnerable ActiveX control (note: Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected).

I'd advise you set the kill bit as described in the TechNet security advisory.
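
One way to check whether the kill bit is in place on a machine, and to set it if not, as an added example that is not from the original post or from Microsoft's advisory. The CLSID is a placeholder to be replaced with the one the advisory lists, the function names are hypothetical, and the script relies on the standard kill-bit mechanism (bit 0x400 of the `Compatibility Flags` value under IE's `ActiveX Compatibility` key).

```powershell
# Added example: audit (and optionally set) the IE kill bit for one ActiveX CLSID.
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the control

function Get-KillBitRoots {
    # 64-bit Windows keeps a separate 32-bit view under Wow6432Node
    $base = 'Microsoft\Internet Explorer\ActiveX Compatibility'
    @("HKLM:\SOFTWARE\$base", "HKLM:\SOFTWARE\Wow6432Node\$base")
}

function Get-CompatFlags {
    param([string]$Key)
    # A missing key or value means no flags are set
    if (-not (Test-Path $Key)) { return 0 }
    $prop = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($prop) { return [int]$prop.'Compatibility Flags' }
    return 0
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in Get-KillBitRoots) {
        if (-not (Test-Path $root)) { continue }   # view not present on this OS
        $key   = Join-Path $root $Clsid
        $flags = Get-CompatFlags -Key $key
        [pscustomobject]@{
            Key     = $key
            Flags   = '0x{0:X8}' -f $flags
            Blocked = (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in Get-KillBitRoots) {
        if (-not (Test-Path $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any existing compatibility flags are preserved
        $new = (Get-CompatFlags -Key $key) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

# ASSUMPTION: placeholder CLSID; substitute the value given in the advisory.
$Clsid = '{00000000-0000-0000-0000-000000000000}'
Test-KillBit -Clsid $Clsid | Format-Table -AutoSize
# Set-KillBit -Clsid $Clsid    # needs an elevated prompt; re-run Test-KillBit afterwards
```

`Blocked` should read `True` for every registry view listed; a 64-bit system with only one view set still lets the other bitness of IE load the control.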

Related articles:

http://www.frsirt.com/english/advisories/2006/4334

http://xforce.iss.net/xforce/alerts/id/239

http://secunia.com/advisories/22687/ (thankfully Secunia is not saying that it's an "IE7 vulnerability" this time)

Published Sun, Nov 5 2006 10:00 by sandi

Comments

# IE7 Refuses to Delete Cookies

Thursday, November 23, 2006 10:08 PM by Karaoke2Go Webmaster

We installed IE7 (BIG mistake!) on a Toshiba Satellite M115-S3094 laptop.  We soon discovered that the browser wasn't deleting anything in the Temporary Files folder even though we performed a "delete all" function.  We had to manually delete the files by bringing up the directory from within IE7.  Eventually we started deleting third-party software.  After deleting Sun Java Runtime, I could delete the files, except for the cookies! I rebooted and the problem went away---for the FIRST operation.  The second and subsequent times I couldn't delete cookies.  I reinstalled Java Runtime, and once again no files at all could be deleted from the directory.

Finally I uninstalled IE7 and of course IE6 came back.  Yah!  No mas problemas!

Get rid of IE7! It SUCKS!