Microsoft Advisory 917077

system · March 31, 2006, 10:26pm

This is NOT an April Fools Joke:

Link to Advisory from MS:

http://www.microsoft.com/technet/security/advisory/917077.mspx

Excerpt:
As of the latest update to this Advisory the following members of the Virus Information Alliance have indicated that their antivirus software provides protection from exploitation of the vulnerability discussed in this advisory.
•

Symantec
•

Computer Associates
•

McAfee
•

F-Secure Corporation
•

Panda Software International
•

Aladdin
•

Sophos
•

Eset Software
•

Trend Micro
•

Norman
•

Kaspersky

As currently known attacks can change, the level of protection offered by antivirus vendors at any time may vary. Customers are advised to contact their preferred antivirus vendor with any questions they may have or to confirm additional information regarding their vendor’s method of protection against exploitation of this vulnerability.

I am missing a name from the list…

Link to Secunias Advisory:

http://secunia.com/advisories/18680/

I have switched to Opera, but I suppose a couple of persons are still using IE.
HL

system · April 1, 2006, 8:14am

Can’t be joking all day long. ;D

HL

Vlk · April 1, 2006, 9:15am

You should be safe with avast as well. We don’t have a generic protection against this (yet) [and frankly, I’d say most of the vendors you listed don’t have it as well] - but we’re monitoring the situation and adding signatures… As a matter of fact, the situation is not as serious as it could be (it’s e.g. much better than in the case of the WMF exploit discovered in December 2005).

FYI Avast is not on that list because we’re not members of the Microsoft VIA…

Thanks
Vlk

system · April 1, 2006, 9:39am

Vlk,

Thanks for reply. Always good to get a serious and honest reply.

As I said, I switched to Opera and I turn off active scripting in IE if I need using it, so I feel safe.

I have been monitoring a couple of POC sites and I must admit I was a bit disappointed when Avast didn’t get it.(And more and more AV’s do). :-[

Let’s hope MS get the patch ready. That’s the final solution anyway.

HL

system · April 3, 2006, 10:58am

Was very glad to see this today:

03.04.2006 - 0614-0

JS:Exploit-CVE2006-1359,…

because this is what I asked for and that (almost) all other vendors take care of by now.

But still a bit disappointed when going to a POC at DSL-reports security forum:

http://

No alerts from Avast at all.

A bit misleading I think.

Here is the link to Secunia Advisory:

http://secunia.com/advisories/18680/

Please look at how dangerous this exploit is and that the CVE-reference in the advisory is identical to the CVE-reference posted above.
HL

Vlk · April 3, 2006, 11:36am

It’s as always with proof-of-concept stuff. You can’t judge the detection of the REAL THING according to the detection of the POC…

As I’ve said, there’s no generic detection of this built in to avast (yet) but the malicious pages out there should still be blocked…

system · April 3, 2006, 11:53am

Vlk,

ok, but people judge from what they see and that is hopefully a POC and NOT the REAL THING.

Difficult to test with the REAL THING.

Why not put in a detection for this POC also. Do you need the link?

Vlk · April 3, 2006, 12:13pm

Why not, please send it (them?) to virus@avast.com, hopefully they virus lab guys will agree with you (I do ;)).

Thanks
Vlk

system · April 3, 2006, 12:55pm

Vlk, done, with a copy to you.

I suppose we’ll have to wait an hour or two.

HL

system · April 4, 2006, 4:33pm

Just a little feedback:

The 0614-1, released 04.04.2006 took care of the POC-site I submitted.

Let’s hope it takes care of the real threat as well. :-\

Probably still a week to go before MS releases the final solution.

Thanks for the response.

HL

RejZoR · April 5, 2006, 8:35am

Vlk, regarding that VIA membership or lets say lack of it from the Alwils side…
It’s the question of money right? Most of such stuff is usually… no wonder small companies can’t afford such stuff in all places…

Vlk · April 5, 2006, 4:12pm

I wouldn’t say it’s about money, it’s more like we’re not really interested.

I mean, VIA is a group inside Microsoft whose responsibility is to inform MS users about current threats. Since Microsoft is starting its own AV business, I don’t see a reason why 3rd party companies should cooperate with Microsoft on this…

It’s more like a marketing thing; but I’d say many companies will actually drop their VIA membership after they start feeling offended by Microsoft’s competitive offerings.

RejZoR · April 5, 2006, 11:38pm

Yes, that indeed makes sense…

Microsoft Advisory 917077

Announcements