Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also know as Download.Ject.
Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits. The update is available on Windows Update.
Customers using Windows XP SP2 RC2 do not need to apply this update.
View: KB Article 870669 - How to disable the ADODB.Stream object from Internet Explorer
Download: Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer
View: Information on Download.Ject exploit
News source: Neowin's Back Page News
Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits. The update is available on Windows Update.
Customers using Windows XP SP2 RC2 do not need to apply this update.
View: KB Article 870669 - How to disable the ADODB.Stream object from Internet Explorer Download: Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer View: Information on Download.Ject exploit News source: Neowin's Back Page News
Areas of concentration in the DirectX 9.0 SDK Update (Summer 2004) RC0 release are:
- HLSL support for Pixel Shader & Vertex Shader 3.0
- Effects Framework performance improvements
- Pre computed Radiance Transfer improvements
- New Sample framework
- New & Updated Samples
- PIX tool for better debugging of Direct3D applications
- Introduction of the Preview Pipeline for easier content creation
grr...
Not a spelling error but a grammatical mistake. More annoying and impermissible.
No, just your regular neighbor who happens to be literate. We're nothing compared to the Firefox Nazis and their in-your-face attitude.
And
We strongly recommend that you use different methods to provide this functionality. For example, you may use an application or a control that requires the user to deliberately access the hard disk.
So, you have a benign control that is useful, mix it with a crap buggy heap of poo like IE and you get a security issue. But wait! Let's f**** up an established intranet method instead of fixing the program that allows the exploit. Wonderful. Apply the update and your intranet solution dies. Don't apply it and you're vulnerable to the exploit. Great choice.
As to "use different methods", NAV chokes on Scripting.FileSystemObject (which you might use) unless you switch script blocking off. So you have to write an app or control (or buy one, which is most likely) just so you can keep the functionality you've probably had for several years. Thanks for nothing M$.
Edit: further on in the KB it has a "workaround" for intranets. Unless there's a group policy that can alter the registry so some poor loser hasn't got to manually configure the hundreds of machines in a corporate environment, that'll raise hackles too. That notwithstanding, the default security level for Internet should be "High" anyway...
Last edited by 11566 on 02 Jul 2004 - 12:30
All virtues aside, I actually prefer this method because if other exploits surface in the future, at least they won't be able to expoit it using ADODB.
Last edited by 1340 on 02 Jul 2004 - 12:53
Though I suppose if you still use IE you might find this useful. Otherwise wait for someone to troll here and tell you to use Opera (whoops).
B - O - R - I - N - G
The statistics must be lying.
The statistics must be lying.
Acctually, I think he was talking about browser S&M.
r t f a
r t f a
he has got RC1 dip****!!
If he has RC1, and the article clearly states that RC2 does not need the update, then RC1 will need it.
ROTFLMAO
It so happens a patch has been released for Win9x. Windows Updates has it
thanks
I checked the registry and it seems I already have it fixed.
Maybe it was part of a previous fix??
just install the damn thing jeez
I do not want to be telling people install this! but I have no idea what it does!
Just trying to be more clear about exactly it all.. geeze. get a life man. don't reply if you are not going to be any help.
Perhaps it is even imposible to fix everything. This last broswer bug. It is said that this bug should have been fixed 6 years ago! At work I already only use Linux. It is suprisingly, it really works fine. More and more people realize or should realize that there are alternatives. Windows just konzentrated to the Server and business users. The desktop itself is still nearly the same as 1995. Now they build again the IE team to enhance the browser. This thing is in use by everyone! This thing should get more attraction than a new DRM scheme for the Media Player. Well. Just my thoughts.
Linux has had as many bugs as windows if you pick a distro (so it includes all of the components, instead of just the kernel). They just don't affect nearly as many people
I imagine Microsoft will respond to this by offering a patch that doesn't fix the problem, but rather disables whatever is vulnerable. They've done this with so many other things. Pretty soon there will be a huge, bloated browser built into Windows with half the features it originally had because they'll be disabled.
Lo and behold, they say "Turn off ADODB.Stream... we'll have a real fix later. Maybe."
though with the large economy size cluebat there is hope for teaching em..
UNfortuneatly, not quite fast enough to prevent thousands/millions of identity thefts and zombie/spam comps, gawd only knows what else.
So, while i weep for the disfunctional webforms, and all the admins who might pull (one hopes paid) OT hrs fixing MS's kludge workaround, Yes, It Is Better to have some crappatch than no patch at all.
Gripe on the forums if you WANT to, but MS is asking email submissions of folks opinions on the next gen upgrade to IE,.. and in the interest of Internet Security, which is vastly different from personal or even enterprise security, PLEASE bother to make your opinions heard in Redmond. Griping HERE doesn't quite reach the source of the problem.
Ya wanna good patch? Tell billy. Telling US doesn't do any good.
Internet explorer, IIS, and XP seem to be all produced by the same bunch of chimps. To ship an operating system with the glaring RPC bug that XP had (which I suffered from twice when re-installing) is incredible, but to keep going with the catalogue of flaws that MS have is some achievment. And I'm not anti-microsoft slashdot viva la revolution parrot, I just think the sooner longhorn ships with .net as the core, the better. God only knows where their C++ programmers were hired from, or who hired them.
avoiding getting infected by blaster is easy. install while not connected to the internet. Enable ICF on first boot, then plug in network card. Download SP1, install, unplug network cable (ICF isn't enabled while booting, so you can get infected). Boot, plug in, download RPC patch, install, protected.
Perhaps Microsoft should really work on making firewall settings active as soon as the network interface is brought up...
very easy to do if you have some spare time and use http://greenmachine.msfnhosting.com/XPCREATE/
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.