IT News Happening Now

IT News Happening NowMicrosoft admits patch didn't fix vulnerability
Microsoft has yanked the security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security vulnerability. by Ryan Naraine
READ FULL STORY

• Print
• Email
• Thumbs UpThumbs Down
• +17
  19

Microsoft has yanked the security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security vulnerability.
The withdrawal of the bulletin means that affected Windows 2000 Server users should immediately consider applying mitigations and workarounds to avoid malicious hacker attacks.

The company did not explain why the bulletin was shipped with an inadequate patch. A brief blog post from Microsoft’s Jerry Bryant offered the following:

Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week.

The issue only affects Windows 2000 Server customers who have installed Windows Media Services (a non-default configuration).
Bryant urged affected users with internet facing systems with Windows Media Services installed to evaluate and use firewall best practices to limit their overall exposure.
The MS10-025 bulletin is rated “critical” because attackers could launchi remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.

I hope everyone reads this and watch for the latest update for MS10-025 Microsoft have done this to further assist in protecting genuine microsoft user due to costs involved in security related issues.

Here’s the skinny from Microsoft’s advisory:

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
The flaw affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

Here’s the danger:

To exploit, an attacker could host a specially crafted Web site, or take advantage of a compromised website, and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these malicious Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message, that directs users to the attacker’s Web site. It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems. The Microsoft investigation concluded that setting the Internet zone security setting to “high” will protect users from the vulnerability addressed in this advisory.

Microsoft is considering an out-of-band emergency IE patch to fix this vulnerability.

regards
jeffreyobrien

Here we go again with this Remote Code Execution deal. A little over a month ago, Firefox users (prior to 3.6.2) were at risk. Now, it's IE across the board. When will this ever stop? The first incident of this (that I'm aware of) was in 2006. Look it up in Wikipedia, this is one of the most severe threats that there is on the internet. You're "lured" into clicking onto a site, and when you do, the damage can begin right then. It can actually take over your computer, making it into a zombie. Whatever you do, don't click onto anything that "pops up", or anything that you don't solicit. I'm glad that with FF, you have an ad blocker, and No Script to help you, to a degree. LOL, why must we go through this again?

catilley,
spot on mate it was was in 2006 with IE 6 Zero day and its back right across the board,again how true how much more of this do we have to put up with as you said catilley this is the most severe threats out there on the internet. You're "lured" into clicking onto a site, and when you do, the damage can begin right then. It can actually take over your computer, making it into a zombie. Whatever you do, don't click onto anything that "pops up", or anything that you don't solicit by yourself.

Dont click on any email links you are not sure of they are sneaky enough as we all have seen this happen and I personally don't want to be going through it again I am keen to know if the new IE9 preview has the same problem.Catilley have you seen or read of anything in regards to IE 9.

Thanks for your input catilley its always right to the point.Microsoft have said that another patch is on its way I hope they are quick with releasing it asap.

regards
jeffreyobrien

Actually, I've been so busy that I haven't given IE9 another thought. I recently upgraded my hard drive, the shortcut to IE9 is no longer there. I do need to redownload it. But with this IE scare, I won' use it.

If you have NoScript installed, you're basically immune to remote code execution unless you download an infected file yourself, voluntarily.

Do as Thrax recommends and there should be no problems.

I just still prefer Firefox! Used it for the past 5 years and love it.

FF is the best! I do and have been using No Script and Adblock Plus for a while. But for the last couple of days, I've been using Pale Moon, an exact twin of FF. It even automatically installed my bookmarks and my browser add ons. It does appear to be slightly faster, but I haven't figured out the point in Mozilla having twins of the same browser on board. And I very seldom allow anything past No Script, but when making purchases, you're often required to temporary allow the site through to complete your transaction. Thanks for the info, Thrax!