Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 05, 2016, 10:43:18 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Patch for new Internet Explorer Exploit - updated 9/27/06  (Read 4384 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Patch for new Internet Explorer Exploit - updated 9/27/06
« on: September 23, 2006, 11:35:51 PM »
Quote
A group of security researchers on Friday posted an unsanctioned patch for the Internet Explorer VML bug, putting more pressure on Microsoft to push its own fix to users before its next scheduled update on Oct. 10.
...
Eric Sites, vice president of research and development at Sunbelt Software, which first reported the vulnerability and exploit earlier this week, also said that attacks were "definitely escalating." In a conversation with a tier 1 support representative at Cox Cable on Friday, Sites said, he was told that the cable operator had several thousand support calls and e-mails backed up, with users reporting a wide variety of complaints, including IE crashes. "That may be a targeted attack," said Sites.



more info on the exploit itself: http://www.techweb.c...e/security/193003570
« Last Edit: September 27, 2006, 11:36:56 AM by mouser »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Patch for new Internet Explorer Exploit - updated 9/27/06
« Reply #1 on: September 27, 2006, 11:38:09 AM »
new official patch from microsoft:


Quote
Microsoft released a patch for the zero-day VML (Vector Markup Language) security hole yesterday, instead of waiting for October's "patch Tuesday". If you have Windows with updates set to automatic, you probably already have it. If not, see: Microsoft security updates for September 2006


direct link:
http://www.microsoft...ulletins/200609.mspx

Terry

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 25
    • View Profile
    • Falcon21 Home PC Security
    • Donate to Member
Re: Patch for new Internet Explorer Exploit - updated 9/27/06
« Reply #2 on: September 29, 2006, 02:15:27 PM »
You may test whether your Internet Explorer is vulnerable:
http://www.isotf.org/zert/testvml.htm

alxwz

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 117
    • View Profile
    • Donate to Member
Re: Patch for new Internet Explorer Exploit - updated 9/27/06
« Reply #3 on: September 29, 2006, 04:40:30 PM »
You may test whether your Internet Explorer is vulnerable:
http://www.isotf.org/zert/testvml.htm

The site (this particular page, that is) seems to be down/link dead. (?)

Terry

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 25
    • View Profile
    • Falcon21 Home PC Security
    • Donate to Member
Re: Patch for new Internet Explorer Exploit - updated 9/27/06
« Reply #4 on: September 30, 2006, 05:26:04 AM »
Hi, I have just tested it, it is working. Maybe your antivirus blocking it?

alxwz

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 117
    • View Profile
    • Donate to Member
Re: Patch for new Internet Explorer Exploit - updated 9/27/06
« Reply #5 on: September 30, 2006, 06:53:00 PM »
Maybe our stupid proxy server (MS ISA Server). I get a message from the server (just tried it again):

"Error Code 64: Host not available
Background: The gateway or proxy server lost connection to the Web server.
Date: 30.09.2006 23:44:04
Server: <our proxy server>
Source: Remote server"

The rest of the www.isotf.org site displays fine.