 Reviews:
·MTS
| reply to Smokey Bear
Re: [REVISED] MS Security Advisory 979352 - Vulnerability in IE
The thing that's really scary about this (and similar issues) is the large number of corporate and gov't users that still have IE 6 as the standard browser. Mine included. My home PC is quite likely a lot more secure than my work PC. And it's unfortunate I have no control over patching and updating it. At least I know enough not to open those dodgy emails, click suspicious links, surf to who-knows-where. But as for the 30,000+ other people where I work... We have to rely on the other security measures in place.
Trying to keep 30,000 or so users educated on security issues is also next to impossible. There's at least one wingnut in the bunch that will do what they shouldn't. And I've spoken with several...  |
|
 mysecPremium join:2005-11-29 kudos:4 | Same old type of IE exploit
Like most IE exploits, the payload in this case is a trojan executable:
IExplorer 0day CVE-2010-0249 Exploit-Comele / Hydraq / Aurora »extraexploit.blogspot.com/2010/0···249.html
The following shown the point of code where its used the urlmon.dll method to download the binary ad.jpg :
(My bolding) He refers to a screenshot of the exploit code showing urlmon.dll. This method has been used in countless IE vulnerabilities.
This is not to downplay the severity of an unpatched exploit, but just to show that those security-minded people who keep on top of things would never succumb to an exploit that attempts to download/install a trojan executable.
REFERENCE
»vil.nai.com/vil/content/v_253210.htm
This exploit was used during stage I of Operation Aurora.
Analysis of the initial heavily-encrypted javascript exploit revealed that, if successful, the exploit would cause a connection to 'hxxp://demo[remove].jpg' downloading a malicious, XOR-encrypted binary that we detect as Roarur.dr.
---- rich |
|
 | where can we download this patch? |
|
 | it will be posted as and when it has been finalized and will be available at the windows update site |
|
 siljalineI'm lovin' that double widePremium join:2002-10-12 Montreal, QC kudos:17 Reviews:
·Bell Sympatico
| reply to slajoh01 It's all in dp 's post »Advance Notification for Out-of-Band Bulletin Release |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to mysec McAfee tool, Aurora Stinger, released yesterday, detects and repairs all known variants of Aurora. »siblog.mcafee.com/cto/stay-tuned···e-patch/
Download here: »vil.nai.com/vil/averttools.aspx -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 siljalineI'm lovin' that double widePremium join:2002-10-12 Montreal, QC kudos:17 Reviews:
·Bell Sympatico
| hayc59 got the jump on you Mele20  »[App Update] McAfee Aurora Stinger 10.0.1.723 |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | This was not just an ORDINARY update of the program. Most of us never or seldom look at Vendors. I checked here in the main forum before I posted but it didn't even occur to me to look in Vendors as that is just for ordinary updates which I can get without looking there. I think hayc59 should have posted it in the main forum. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 siljalineI'm lovin' that double widePremium join:2002-10-12 Montreal, QC kudos:17 Reviews:
·Bell Sympatico
| Granted many of us don't look in »Security Product Vendors first. Whether hayc59 should have posted here first was his call, imo it's where it belongs as an app update. We could quarrel until the cows come home on these sorts of issues. The way I see it, if an issue arises with a program, a Mod ostensibly would move it here for discussion. |
|
 Grail KnightQui audet adipisciturPremium join:2003-05-31 Valhalla kudos:6 Reviews:
·Time Warner Cable
| reply to Mele20 quote: This was not just an ORDINARY update of the program. Most of us never or seldom look at Vendors.
How do you know what most people would do? hayc59 posted his topic exactly where it belongs per the topic of the thread. (Bolding is mine) quote: Security Product Vendors New products, new releases, revisions, upgrades
-- "Who is the more foolish? The fool or the fool who follows?
|
|
 CudniLa Merma - VigiladoPremium,MVM join:2003-12-20 Someshire kudos:13 | said by Grail Knight:hayc59 posted his topic exactly where it belongs per the topic of the thread. (Bolding is mine) quote: Security Product Vendors New products, new releases, revisions, upgrades
Agreed. Easy to find too with all in one place
Cudni -- "what we know we know the same, what we don't know, we don't know it differently." Help yourself so God can help you. Microsoft MVP, 2006 - 2009 |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | said by Cudni:said by Grail Knight:hayc59 posted his topic exactly where it belongs per the topic of the thread. (Bolding is mine) quote: Security Product Vendors New products, new releases, revisions, upgrades
Agreed. Easy to find too with all in one place Cudni
This was the first time I had heard of this product! For me, it was NOT something that belonged in "revisions and upgrades" since it was a brand new product as far as I am concerned. I don't recall ever reading about this product in this forum. I almost never visit Security Vendors. A new product should be posted here. I don't need a forum to tell me that I should update security products that I have downloaded and use. I can do that just fine on my own. What I do need is a forum that presents new products to users and has a good discussion about them. This forum used to do that and it is not clear currently where a new product should be posted. This is a good example of what has been missing from this forum for some time now. Good discussions about new products! And good discussions when a product is revised to do something special like in this case. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 siljalineI'm lovin' that double widePremium join:2002-10-12 Montreal, QC kudos:17 | You have never heard of McAfee Labs Stinger ? |
|
 Grail KnightQui audet adipisciturPremium join:2003-05-31 Valhalla kudos:6 Reviews:
·Time Warner Cable
1 edit | reply to Mele20 If you disagree with how the forum topics are set up I am sure you know how to post a new thread here.
»Forum Feature Requests
quote: I don't need a forum to tell me that I should update security products that I have downloaded and use. I can do that just fine on my own.
That's nice. Now can we get back to the potential thousands of others that do check forums for updates because a smart user will look at updates and feedback (if posted) because more than a few members/users know updates and revisions can cause problems.
Edit* -- "Who is the more foolish? The fool or the fool who follows?
|
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to siljaline No, I had not heard about it until I read an article about this IE vulnerability and the writer spoke about this Stinger and the release on the 20th for this IE vulnerability. The article was in Computer World maybe, Cnet, I don't recall exactly as I read several articles about the IE vulnerability. Of course, it is possible I heard about Stinger a long time ago and forgot. That happens more than I would like as I age.  -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 PentangleWith our thoughts we make the world.Premium join:2006-06-01 Vancouver BC kudos:1 | I check both forums daily--just seems like the sensible thing to do given the gravity of the subject. |
|