More on the IE exploit

Microsoft says Internet Explorer 5.01, 6 and 8 (beta) are also potentially susceptible to the zero-day exploit, published recently. Until now it had been assumed that only Internet Explorer 7 contained the vulnerability. Microsoft recommends that Data Execution Prevention (DEP) and memory protection be enabled in Internet Explorer 7 (Tools/Internet Options/Advanced/Enable memory protection…), but this can only be done in the browser itself in the 32-bit version of Vista. In the 64-bit version of Vista, DEP is automatically globally enabled. Configuring this option via browser settings is not a possibility under Windows XP. Instead, users have to activate DEP for the complete system via System/Advanced/Performance/Settings/Data Execution Prevention.

What’s scary though is that a recent Metasploit module completely evades the DEP function – so much for that … the exploit appears to be introduced to web servers through SQL injection and then made available to visiting users. Moral of the story, stick to Opera or Firefox – both seem to be immune to a large portion of IE vulnerabilities.

MS SQL vuln and Microsoft patch madness

Yet another zero-day vulnerability has been found in a Microsoft product, the 3rd this week. The MS SQL issue relates to a remote code execution bug in a stored procedure. All you can do is a. make sure there is no external access to your SQL servers using authentication or b. take them offline – mad news for MS SQL fans.

The other 2 zero-day bugs are in IE7 and the Wordpad text converter for Word 97. Granted that’s an old version of MS Office but I think you may be impressed by how many copies are still in use.

This past Patch Tuesday was the largest in 5 years with 28 patches being released. Attack code has also been released for the IE7 zero-day vuln and it’s possible to completely hijack a machine just by visiting the wrong website. Things aren’t being made easier by the compromise of legitimate sites that causes IE 7 users browsing them to be hit through the use of iframes.

Lastly, a new version of the Koobface worm ( targeting Facebook users ) has surfaced – it generates messages to friends of infected users then directs those friends to websites where it is recommended that a new version of Adobe Flash Player be downloaded with the inevitable results …

FSF files suit against Cisco

The Free Software Foundation has filed a law suit against Cisco for alleged breaches of copyright in, specifically, many Linksys products ( WRT-series comes to mind as having OSS software ).  Apparently the 2 have been in discussions since 2003 but it appears that Cisco have gone into dormant mode as there are still apparently issues with copyright in their products. One has to wonder why Cisco would tarry as the FSF has been 100% successful in prosecuting OSS software copyright cases. But we also see the attempt by most to first string OSS developers along and then to capitulate when the FSF gets involved. Let’s see if Cisco will do the same or try to fight what is surely to be a losing battle as the GPL is now battle hardened in the  legal sense.