MS-DEFCON 2: Problems with the patches – and an exploit

Topic

New Reply

Trend Micro notes that their researchers have found a very limited, targeted exploit for the Internet Explorer 7 hole patched last Tuesday by MS09-002
[See the full post at: MS-DEFCON 2: Problems with the patches – and an exploit]

Reply | Quote

Replies

wow. pretty. Easy to read for still new-ish.

Reply | Quote

Among the programs toasted by the Killbit patch, KB 960715 is ‘Enveloper’ in WOPR 2003.

Uninstalling the patch restored 100% functionality to Enveloper on Vista Ultimate SP1 32 + 64-bit systems.

Yeah, I know — 2003: time and times move on, but Enveloper remains a component of Word I use almost daily.

Reply | Quote

Great new format! I’m an IT professional and I refer to this site daily so massive kudos on the changes. Thanks. Paul

Reply | Quote

“Susan Bradley at Windows Secrets Newsletter has discovered that installing last Tuesday’s Killbit patch, KB 960715 can make some Visual Basic programs toast. ”
Do you know what a killbit is? If you don’t know, a killbit prevent execution of an ActiveX control in IE. The reason MS pushed out kill-bits in an update is that older versions of the killed ActiveX controls have security vulnerablities. Usually by the time MS releases a kill-bit update, the vendor already has released the security update for the control that fixes the vulerablity, which uses a Phoenix-bit to redirect attempts to load the old version to the new version. For example, one of the ActiveX controls that was killed by this kill-bit update was old versions of the ActiveX controls that shipped with VB6, which already was patched in MS08-070. So the remedy for this one is for the developer to install MS08-070 or KB957924 on their development machine, then redistibute the new version of the ActiveX control.
More at:
http://blogs.msdn.com/askie/archive/2009/02/20/certain-vb-controls-no-longer-display-on-web-pages-after-installing-kb960715.aspx

Reply | Quote

MS have a FAQ on the kill bits and phoenix bits:
http://blogs.technet.com/swi/archive/2008/02/06/The-Kill_2D00_Bit-FAQ_3A00_-Part-1-of-3.aspx
http://blogs.technet.com/swi/archive/2008/02/07/The-Kill_2D00_Bit-FAQ_3A00_-Post-2-of-3.aspx
http://blogs.technet.com/swi/archive/2008/02/08/The-Kill_2D00_Bit-FAQ_3A00_-Part-3-of-3.aspx

Reply | Quote

Hans –

OY! And Microsoft’s solution involves re-compiling the application. Whotta mess.

Reply | Quote

“OY! And Microsoft’s solution involves re-compiling the application. Whotta mess.”
No, just repackaging with the new version of the ActiveX controls.

Reply | Quote

no Yuhong, if you were using ANY of these activex controls on a webpage you now must repackage the .lpk file with the new clsid – only problem is it reverts back to the original clsid of the control –

microsoft screwed up bigtime here !

Reply | Quote

more info from your link

“Typically, you can use the LPK Tool to create a license package. Unfortunately, you cannot do so in this case because the new CLSIDs for the kill-bit/phoenix bit are hidden on your development machine. Only the legacy CLSIDs are available. In this case, you would need to contact Microsoft Support to generate an LPK file for you.”

typically microsoft support costs $259/incident

Reply | Quote

True – but if you can PROVE that it’s associated with a security patch, it’s free.

That’s a big “if” of course.

Reply | Quote