• MS-DEFCON 2: Problems with the patches – and an exploit

    Posted on February 18, 2009 at 08:49 CST by Comment in the Forums

    Trend Micro notes that their researchers have found a very limited, targeted exploit for the Internet Explorer 7 hole patched last Tuesday by MS09-002.

    Details are sketchy, but this is what I’ve been able to figure out so far. The exploit arrives in the form of a Word document, attached to a piece of spam. The spam is highly targeted – which probably means Trend Micro has only seen it on mail addressed to one organization.

    The bad document is caught by Trend Micro and flagged as a virus. If you insist upon opening the doc, it includes ActiveX controls which are (surprise!) fed to Internet Explorer. If you have IE 7 installed on your computer, you’re vulnerable.

    I have no idea how the ActiveX controls kick in – if you have to click something, or if merely opening the doc is sufficient. I also have no idea what happens if Firefox is your default browser – Firefox doesn’t recognize ActiveX, of course. Lots of unanswered questions. But the bottom line is that Trend Micro has seen a bad .DOC file that takes advantage of the hole patched by MS09-002.

    Susan Bradley at Windows Secrets Newsletter has discovered that installing last Tuesday’s Killbit patch, KB 960715 can make some Visual Basic programs toast.

    I suggest that you continue to wait to install last Tuesday’s patches.

    Patience, grasshopper.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.