Good analytical thought, and when the patch is there you can uncheck it again. But isn’t it striking that the same holes come up again and again? Like in a concert, they are variations on the same theme. With IE it is a bit like “Peter and the Wolf”.
Update: At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results:
Software-based DEP protecting core Windows programs: sploit worked
Software-based DEP protecting all programs: sploit worked
DropMyRights, config’ed to allow IE to run (weakest form of DropMyRights protection): sploit worked
Active Scripting Disabled: sploit failed
So, go with the last one, if you are concerned. By the way, you should be concerned.
IMHO the simplest step in this case is to NOT use the Beta of I.E. 7, period. Just wait until they come out with a finished product. Maybe by then they will get things right for us, their bread and butter.
That makes absolutely no sense. ??? The latest IE 7 Beta is the only version of IE that is NOT affected by this vulnerability? Not to mention IE 7’s interface is 100 times better than IE 6, and you can easily uninstall it if you don’t want it.
Along with Bob, I have to say that if you are using IE or any browser based on IE then it would certainly be best to update to IE7 Beta2 version 5335.5 which I did the next day after that version release.
I would not say that IE7’s interface is 100 times better but it is certainly better by some degree. And as Mastertech says, it is easily uninstalled should you want to do so. Actually, I have done that with the latest build and then re-installed it to fix a minor glitch with an add-in for the browser.
One thing we must conclude, and that is to the benefit of all.
Always update and always patch continuously. That is one of the basic secrets. Then a great help is to surf with normal users’ rights, and to reduce the users’ rights for processes with a program like ShareEnum. Very informative program to see where your policies are wrong. Only allowing scripts when you really cannot do without them also helps a lot towards safe browsing, whatever type of browser you may use. The final conclusion for me burns down to this “a browser is as secure as the owner who uses it”. Period.
Normal User accounts for any power user are practically useless and not a realistic solution. They are also completely unnecessary with the proper security policies.
Yes, I agree with you on all of the above, Polonus. I get many prompts about scripts & ActiveX because I want to know before rather than after something happens.
The final conclusion for me burns down to this “a browser is as secure as the owner who uses it”. Period.
Nothing truer can be said about any browser than the statement above. It is, after all is said and done, up to the browser owner/user to be as secure and as safe as is possible.
Microsoft may rush out a security update for Internet Explorer to fix a flaw that is now being exploited to attack Windows systems, security companies say.
Computer code that demonstrates how a hacker can use the flaw to take over a PC was released onto the Net on Thursday. At least two such exploits were made public, and one has now been adapted to attack systems, Monty IJzerman, the manager of security content at McAfee, said on Friday.
“This exploit code is being used in the wild in malware,” or malicious software, IJzerman said. “I expect other attacks to be prepared and to be out there over the next few days.”
In a security advisory issued Thursday, Microsoft said it will address the vulnerability in a security update, but did not say when that patch would be delivered. Its next “Patch Tuesday” bundle of fixes is scheduled for April 11. On Friday, however, Microsoft indicated that a security patch might be released outside of the regular cycle.
“It is on the table,” said Stephen Toulouse, a program manager in Microsoft’s Security Response Center. “Every time any kind of exploitation is going on, it is on the table.”
The flaw is the third to hit Microsoft this week. It has to do with how Internet Explorer handles the “createTextRange()” tag in Web pages. A hacker could take advantage of it to gain control over a vulnerable PC by crafting a specially coded Web site, Microsoft said.
McAfee found that a Web site is using the IE vulnerability to sneak malicious code onto vulnerable Windows PCs, IJzerman said. The company has updated its security software to protect against that code, which IJzerman could only describe as something related to spyware.