| Author |
Topic: New Zero-day vulnerability in IE + Out Of Band Patch |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 14 Dec 2008 2:19 pm |
|
Right after Microsoft finished pushing out its last monthly Windows Updates, somebody in China revealed an unpatched vulnerability in IE 5, 6 and 7 and began exploiting it via SQL injection attacks against Microsoft web servers. While Microsoft develops a patch they are advising users to apply some workarounds to protect against this exploit.
First, the company recommends users change the Internet and local intranet security settings to "High" so there will be prompts before running of ActiveX controls and active scripting in these zones.
"Setting the Internet zone security setting to High protects against all currently known exploits of this vulnerability by disabling scripting [and] disabling less secure features in Internet Explorer, and blocks known techniques used to bypass Data Execution Prevention," the Microsoft advisory stated.
If you are equipped with Firefox or Opera browsers I advise you to use them until a patch is released for this vulnerability. If you must use IE, please set your security level to High, for the Internet Zone, and/or disable ActiveX Controls from running. I'll advise you when a patch is available, or you may get it via Automatic Windows Updates.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Last edited by Wiz Feinberg on 16 Dec 2008 3:17 pm; edited 1 time in total |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Dec 2008 7:15 am
|
|
Here is a quick fix recommended by Redmond Washington, that disables the targeted .dll file in the KB-961051 Internet Explorer exploits.
| Quote: |
Unregister OLEDB32.DLL
Run the following commands from a command prompt as an administrator:
• For supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 for 32-bit Systems
Regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"
• For supported versions of Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems
Regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"
Regsvr32.exe /u "%ProgramFiles(x86)%\Common Files\System\Ole DB\oledb32.dll"
Impact of workaround: All OLE DB and ADO applications will stop functioning. This includes all ASP/ADO implementations, SQL Server linked services, .Net applications using the System.Data.OLEDB namespace, and some Office functionality that accesses external data. |
After Microsoft has issued a patch for this vulnerability you will need to re-enable the oledb32.dll to restore normal functionality to IE. Here's how.
| Quote: |
How to undo the workaround
Run the following commands from a command prompt as an administrator:
• For supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 for 32-bit Systems
Regsvr32.exe "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"
• For supported versions of Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 for x64-based Systems, and Windows Server 2008 for Itanium-based Systems
Regsvr32.exe "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"
Regsvr32.exe "%ProgramFiles(x86)%\Common Files\System\Ole DB\oledb32.dll" |
Note, that I have made the commands for 32 bit operating systems bold, as they are the most commonly deployed systems. The commands for 64 bit systems are in normal font weights.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 16 Dec 2008 3:30 pm Out of band patch set for December 17, 2008
|
|
UPDATE
Microsoft today has released news of an out of band patch to be released tomorrow, December 17, 2008, in response to the vulnerability announced in KB-961051.
The full version of the Microsoft Security Bulletin Advance Notification for December 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx.
This patch is for a critical vulnerability in all versions of Internet Explorer still in use, from at least 5.0 through 8.0 beta. Exploit code is already in the wild, being hosted on compromised websites. It is of the utmost importance that you apply this update tomorrow, December 17, 2008, or as soon afterward as possible. If you need time to assess the affects of the patch you should apply some of the workarounds listed in KB-961051, undoing them after applying the new patch.
If your PC is set to receive and apply Windows Updates, there will be one sometime on the afternoon of December 17, 2008. If you choose to perform manual updates, they should be available at approximately 10AM PST, 11AM MST, 12PM CST and 1PM EST, in the USA and Canada.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
