Talk of Qhosts, the recently rampant exploit of vulnerabilities in
Internet Explorer, has been *all over* the security-focused forums.
One story covering the problems (if you've seen the groups, you've
heard about this) ...
http://www.informationweek.com/story/showArticle.jhtml?articleID=15201154
However, it's *NOT* a trojan. It is Active Scripting code(TM) that
uses one of many security holes in Internet Explorer, which can
include browsers such as AOL and many "independent" email programs,
all of which use the Internet Explorer HTML and DHTML engines. Read
about it here:
http://www.smh.com.au/articles/2003/09/11/1063249516080.html
Microsoft has FINALLY issued a patch for the exploit used by Qhosts.
http://www.microsoft.com/security/security_bulletins/ms03-040.asp
Most users should go to the Windows Update site (Tools-Windows Update
in Internet Explorer) to apply the patches. The patches are labeled
there as:
Security Update for Windows Media Player (KB828026)
October 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 (KB828750)
The link above quickly explains what the patch is all about.
One of the fixed problems could result in execution of arbitrary code
simply by reading an e-mail message, so the problem is quite a serious
one. Others would require that the attacker lure the victim to a web
site and have them view a page containing the attack.
NOTE: The patches may cause "HTML Help" to no longer function properly.
If this happens to anyone, the fix for that is located HERE:
http://support.microsoft.com/default.aspx?scid=kb;en-us;811630
The above link will replace HTML Help with one that can work with the
patches.
No, we haven't taken leave of our senses. We really are recommending
you do this. Our examination of the patches has determined that for
the major vulnerabilities of concern, they HAVE been fixed. However,
we STILL urge caution with permitting scripting to function in the
normal "internet zone" of Internet Explorer, and to move any sites
that you TRUST and absolutely *must* have scripting enabled to the
"Trusted Sites" zone within Internet Explorer. Microsoft offers
instructions on how to setup "Trusted sites" so that you can heavily
restrict normal web browsing to protect against future exploits to
the best degree possible with Microsoft's browser and email here:
http://www.microsoft.com/windows/ie/using/howto/security/setup.asp
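
One way to check the zone setup recommended above, as an added example
(not from Microsoft or from the original newsletter). It assumes the
standard per-user URL security zone registry layout, where zone 3 is
"Internet", zone 2 is "Trusted sites" and action 1400 is Active
scripting; the function names and output layout are this example's own.

```powershell
# Added example: read-only audit of the current user's IE zone settings.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames  = @{ 2 = 'Trusted sites'; 3 = 'Internet' }
$actionText = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ActiveScriptingSetting {
    param([int]$Zone)
    # Value "1400" under Zones\<n> holds the Active scripting action for that zone.
    $key   = Join-Path $base "Zones\$Zone"
    $value = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
    $state = 'Not set (default applies)'
    if ($null -ne $value) {
        $state = $actionText[[int]$value]
        if (-not $state) { $state = "Unknown ($value)" }
    }
    [pscustomobject]@{ Zone = $zoneNames[$Zone]; ActiveScripting = $state }
}

function Get-TrustedSiteMapping {
    # Each value under ZoneMap\Domains\<domain>[\<subdomain>] maps a protocol
    # name (or * for all protocols) to a zone number; 2 means Trusted sites.
    $root = Join-Path $base 'ZoneMap\Domains'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValue($name) -eq 2) {
                # Key path is <domain>\<subdomain>; reverse it to get the host name.
                $rel   = ($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]
                $parts = $rel -split '\\'
                [array]::Reverse($parts)
                [pscustomobject]@{ Site = ($parts -join '.'); Protocol = $name }
            }
        }
    }
}

$internet = Get-ActiveScriptingSetting -Zone 3
$trusted  = Get-ActiveScriptingSetting -Zone 2
$internet, $trusted | Format-Table -AutoSize
if ($internet.ActiveScripting -ne 'Disabled') {
    Write-Warning 'Active scripting is not disabled in the Internet zone.'
}
# Review this list: every site here runs with the Trusted sites zone settings.
Get-TrustedSiteMapping | Sort-Object Site | Format-Table -AutoSize
```

The script only reads the current user's settings; zone settings applied
by policy are stored elsewhere and are not covered here.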
Microsoft's patch DOES deal with most of it. We're still studying
other interactions, but so far, it does seem to help the particular
hole which was exploited. If we discover remaining holes, we'll let
folks know if someone else doesn't spot them first ... however THIS
patch is serious enough to be STRONGLY RECOMMENDED for our customers
who choose to continue using Internet Explorer and Outlook Express
rather than other available software for browsing the internet and
mail and news reading.
Even in a situation where you're using an alternate browser (like
AOL) other than Opera, Netscape, Mozilla or the new "Firebird", then
you're STILL using the Internet Explorer browser and its HTML
rendering agent; the same is used by MOST alternative email programs.
If it displays HTML in email, chances ARE it's using Internet Explorer.
Best go and collect that patch since anything that USES Internet
Explorer's "engine" is vulnerable to this exploit. So far, it looks
like it apparently HAS been patched ...
©2003 Privacy Software Corporation. All rights reserved.