main

Microsoft to release IE configuration change today

Tom Warren   on 02 July 2004 - 11:40 · 67 comments & 13729 views

Advertisement (Why?)
Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also know as Download.Ject.

Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits. The update is available on Windows Update.

Customers using Windows XP SP2 RC2 do not need to apply this update.

View: KB Article 870669 - How to disable the ADODB.Stream object from Internet Explorer
Download: Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer
View: Information on Download.Ject exploit
News source: Neowin's Back Page News


Areas of concentration in the DirectX 9.0 SDK Update (Summer 2004) RC0 release are:
- HLSL support for Pixel Shader & Vertex Shader 3.0
- Effects Framework performance improvements
- Pre computed Radiance Transfer improvements
- New Sample framework
- New & Updated Samples
- PIX tool for better debugging of Direct3D applications
- Introduction of the Preview Pipeline for easier content creation

Post a comment · Send to friend Comments · There are 67 additional comments
(8 replies) #1 kawai on 02 Jul 2004 - 11:48
I don't think you need to apply this if you are using XP SP2

#1.1 Fally on 02 Jul 2004 - 12:56
That is exactly what the last line of the article said... Glad to see your paying attention.
#1.2 chacho on 02 Jul 2004 - 14:59
QUOTE (#1.1)
Glad to see your paying attention.

grr...
#1.3 Makaveli7 on 02 Jul 2004 - 16:54
oh no someone made a spelling error. CALL ZEE POLIZE~!
#1.4 em_te on 02 Jul 2004 - 19:09
QUOTE (#1.3)
oh no someone made a spelling error. CALL ZEE POLIZE~!

Not a spelling error but a grammatical mistake. More annoying and impermissible.
#1.5 PseudoRandomDragon on 02 Jul 2004 - 21:28
Yes, if you make too many you invoke the wrath of the grammar nazis!
#1.6 SimplyPotatoes on 02 Jul 2004 - 21:57
grammar nazisisis KEKEKEKEK in korea we have grammar nazi soup with rice noodles, best mannar !
#1.7 Grope for Luna on 03 Jul 2004 - 07:03
I'll bet they serve grammar nazi soup at this Korean bar:



#1.8 em_te on 04 Jul 2004 - 15:43
QUOTE (#1.5)
Yes, if you make too many you invoke the wrath of the grammar nazis!

No, just your regular neighbor who happens to be literate. We're nothing compared to the Firefox Nazis and their in-your-face attitude.
#2 Master MX on 02 Jul 2004 - 11:50
Cool, thanks for that.
#3 shao on 02 Jul 2004 - 11:59
doesn't appear to be on wu5, or available by synchronising a software update services server. Hopefully it will be soon though.
(1 reply) #4 mrbester on 02 Jul 2004 - 12:25
From the KB
QUOTE
When an ADO stream object is combined with known security vulnerabilities in Internet Explorer, a Web site could execute scripts from the Local Machine zone

And
QUOTE
Any line-of-business Web application that requires a file to be loaded or to be saved to the hard disk may use the ADODB.Stream object in Internet Explorer. For example, if an intranet server hosts a form that an employee must download and fill out, the ADODB.Stream object is used to obtain the file and to save the file locally. After the user edits the file locally and submits the file back to the server, the ADODB.Stream object is used to read the file from the local hard disk and to send the file back to the server.

We strongly recommend that you use different methods to provide this functionality. For example, you may use an application or a control that requires the user to deliberately access the hard disk.


So, you have a benign control that is useful, mix it with a crap buggy heap of poo like IE and you get a security issue. But wait! Let's f**** up an established intranet method instead of fixing the program that allows the exploit. Wonderful. Apply the update and your intranet solution dies. Don't apply it and you're vulnerable to the exploit. Great choice.

As to "use different methods", NAV chokes on Scripting.FileSystemObject (which you might use) unless you switch script blocking off. So you have to write an app or control (or buy one, which is most likely) just so you can keep the functionality you've probably had for several years. Thanks for nothing M$.

Edit: further on in the KB it has a "workaround" for intranets. Unless there's a group policy that can alter the registry so some poor loser hasn't got to manually configure the hundreds of machines in a corporate environment, that'll raise hackles too. That notwithstanding, the default security level for Internet should be "High" anyway...

Last edited by 11566 on 02 Jul 2004 - 12:30
#4.1 em_te on 02 Jul 2004 - 19:15
QUOTE (#4.0)
But wait! Let's f**** up an established intranet method instead of fixing the program that allows the exploit. Wonderful.

All virtues aside, I actually prefer this method because if other exploits surface in the future, at least they won't be able to expoit it using ADODB.
(2 replies) #5 tmaxxtigger on 02 Jul 2004 - 12:28
Interestingly enough, it installed on sp2.
#5.1 creamhackered on 02 Jul 2004 - 12:36
Which build? RC2?
#5.2 Blizzard_X on 02 Jul 2004 - 12:41
yes, it will install on sp2... just in case a security freak doesnt believe sp2 will not protect him...

Last edited by 1340 on 02 Jul 2004 - 12:53
#6 DJ Prem on 02 Jul 2004 - 12:38
Hope it's added into SP2
(1 reply) #7 louiskhorweiwu on 02 Jul 2004 - 12:38
Surely this is just a workaround and not a proper patch yes/no? The article talks about disabling functionality without clear instructions how to re-enable it (I assume you just delete the registry entry).

Though I suppose if you still use IE you might find this useful. Otherwise wait for someone to troll here and tell you to use Opera (whoops).
#7.1 Blizzard_X on 02 Jul 2004 - 12:43
or firefox or switch to a different os like linux or mac os...
(8 replies) #8 blackspawn on 02 Jul 2004 - 13:10
The change in configurations is: "Stop using IE and start using Firefox" (gotta follow my own advice and dump MyIE2... I have FF on my laptop but my desktop still has MyIE2)
#8.1 TGD on 02 Jul 2004 - 14:02
Do you have anything of worth to add, other than "FIREFOX RULES!!"?
#8.2 Yakkob on 02 Jul 2004 - 14:47
QUOTE
"Stop using IE and start using Firefox"


B - O - R - I - N - G
#8.3 rogerroger on 02 Jul 2004 - 18:13
Here's one for ya ... .. . Firefox dominates!

#8.4 OptiPlex on 02 Jul 2004 - 18:19
Firefox dominates? REALLY?

The statistics must be lying.
#8.5 Mav Phoenix on 02 Jul 2004 - 19:15
^Good one.
#8.6 mrk on 02 Jul 2004 - 20:57
statistics based on avergae home users and newbies
#8.7 Relativity_17 on 02 Jul 2004 - 22:00
I wanna see the statistics for percentage of Firefox users infected with some form of spyware, versus the percentage of IE users infected with some form of spyware...
#8.8 inziga on 02 Jul 2004 - 23:48
Firefox dominates? REALLY?

The statistics must be lying.



Acctually, I think he was talking about browser S&M.
#9 ACTIONpack on 02 Jul 2004 - 13:17
Will they put the fix in Windows Update?
(5 replies) #10 a_witko on 02 Jul 2004 - 13:31
I'm using sp2 rc1... does that mean i need this update thingo?
#10.1 Apollo on 02 Jul 2004 - 13:48
*sigh*
#10.2 chacho on 02 Jul 2004 - 15:00
QUOTE (#10.0)
Customers using Windows XP SP2 RC2 do not need to apply this update.

r t f a
#10.3 theLANDofSMEG on 02 Jul 2004 - 15:45
QUOTE (#10.2)
QUOTE
Customers using Windows XP SP2 RC2 do not need to apply this update.


r t f a

he has got RC1 dip****!!
#10.4 markjensen on 02 Jul 2004 - 15:55
Hey. Chaco answered the question.

If he has RC1, and the article clearly states that RC2 does not need the update, then RC1 will need it.
#10.5 dismuter on 02 Jul 2004 - 22:10
Chaco underlined the not, so he misread the question. If he had read properly he would have underlined RC2.
(1 reply) #11 thekid7590 on 02 Jul 2004 - 13:35
ATTENTION!!!!

QUOTE
Customers using Windows XP SP2 RC2 do not need to apply this update.
#11.1 Ficman on 02 Jul 2004 - 14:42
Does this mean the XP Sp1 people do need to apply this one...

ROTFLMAO

(1 reply) #12 supersaiyanjericho on 02 Jul 2004 - 14:40
I just checked with Windows Update and it doesn't have this patch yet.
#12.1 Techo on 02 Jul 2004 - 18:23
It seems be there now .
(4 replies) #13 GatorV on 02 Jul 2004 - 15:35
Does this mean that Win9x users don't need to apply the patch??
#13.1 cooldude7273 on 02 Jul 2004 - 16:51
I don't think that they release updates for 9x anymore... so its not possible....
#13.2 Techo on 02 Jul 2004 - 18:20
I remember reading that Microsoft extended the update release date for Win9x? Win9x/ME can run IE5 and IE6 and the article http://support.microsoft.com/default.aspx?kbid=870669 , does mention that it applies to IE5 and IE6. So perhaps this patch isn't necessary for win9x/me or they will release it a bit later? becuase the patch does apply to all WinNT type OS's, including WinNT.
#13.3 Techo on 03 Jul 2004 - 02:04
update: the vurnebility affects NT machines only, so that's why no win9x/me where released.
#13.4 Techo on 03 Jul 2004 - 16:07
update2: sorry for the misinformation, apparently I got it from a similar question and reply on the MS newsgroups. It's a flaw in IE not the OS.

It so happens a patch has been released for Win9x. Windows Updates has it
(1 reply) #14 theLANDofSMEG on 02 Jul 2004 - 15:46
so what configurations changes does this actually change? how would I do this manually?

thanks
#14.1 Grope for Luna on 03 Jul 2004 - 07:07
http://support.microsoft.com/default.aspx?kbid=870669

I checked the registry and it seems I already have it fixed.

Maybe it was part of a previous fix??
#15 Mister Lamar on 02 Jul 2004 - 16:06
Ill install this now
(2 replies) #16 mistical on 02 Jul 2004 - 17:32
So is everyone except SP2 users suppose to install this patch? I guess it is not that clear.... it looks like it but I do not want to go suggesting everyone install this patch if not..
#16.1 DrOmango on 02 Jul 2004 - 17:56
DOES IT MATTER WHAT VERSION YOU HAVE!?!?
just install the damn thing jeez
#16.2 mistical on 02 Jul 2004 - 18:30
lol I love neowin users such as yourself.

I do not want to be telling people install this! but I have no idea what it does!

Just trying to be more clear about exactly it all.. geeze. get a life man. don't reply if you are not going to be any help.
(2 replies) #17 quick on 02 Jul 2004 - 18:46
It's on windows update now.... and shows up in SUS (Software update services) as well now..

#17.1 tmeg on 02 Jul 2004 - 19:56
I found I have 120 updates already installed. The installation history is interesting to this regard. And at the beginning MS said that XP is so secure, unbelievable. And they said that it runs so much longer that before and that so much bugs are fixed. Well it was a joke. They also where crying because there was the rumor that thousands of bugs where not fixed before release. I doubt that at that time. But now I think, they really have still a lot to do.
Perhaps it is even imposible to fix everything. This last broswer bug. It is said that this bug should have been fixed 6 years ago! At work I already only use Linux. It is suprisingly, it really works fine. More and more people realize or should realize that there are alternatives. Windows just konzentrated to the Server and business users. The desktop itself is still nearly the same as 1995. Now they build again the IE team to enhance the browser. This thing is in use by everyone! This thing should get more attraction than a new DRM scheme for the Media Player. Well. Just my thoughts.
#17.2 incubusdaemon on 03 Jul 2004 - 09:11
News flash:

Linux has had as many bugs as windows if you pick a distro (so it includes all of the components, instead of just the kernel). They just don't affect nearly as many people
(1 reply) #18 WishX on 02 Jul 2004 - 19:52
I'm not the sort to say, "I told you so", but hey... I told you so... From the previous posting about being warned to use another browser:

QUOTE
#4 Posted by WishX on 30 Jun 2004 - 16:38
I imagine Microsoft will respond to this by offering a patch that doesn't fix the problem, but rather disables whatever is vulnerable. They've done this with so many other things. Pretty soon there will be a huge, bloated browser built into Windows with half the features it originally had because they'll be disabled.


Lo and behold, they say "Turn off ADODB.Stream... we'll have a real fix later. Maybe."

#18.1 reddsoda on 03 Jul 2004 - 17:20
It's a feature that shouldn't have been enabled. So to fix it, they have to disabled it.
#19 MitchShrader on 02 Jul 2004 - 20:04
three things... one, yes, IE has got to seriously improve QUICKLY or be obsolete and a joke forever.. (no, it's not Quite so yet,.. security geeks and power users will differ, but Joe Sixpack and Jane Newbie don't know from FF or Opera, (honest!) .. )

though with the large economy size cluebat there is hope for teaching em..

UNfortuneatly, not quite fast enough to prevent thousands/millions of identity thefts and zombie/spam comps, gawd only knows what else.

So, while i weep for the disfunctional webforms, and all the admins who might pull (one hopes paid) OT hrs fixing MS's kludge workaround, Yes, It Is Better to have some crappatch than no patch at all.

Gripe on the forums if you WANT to, but MS is asking email submissions of folks opinions on the next gen upgrade to IE,.. and in the interest of Internet Security, which is vastly different from personal or even enterprise security, PLEASE bother to make your opinions heard in Redmond. Griping HERE doesn't quite reach the source of the problem.

Ya wanna good patch? Tell billy. Telling US doesn't do any good.
(4 replies) #20 sloppycode on 02 Jul 2004 - 23:35
wow i think i wondered into a forum for 12 year old script kiddies, judging from the playground comments.

Internet explorer, IIS, and XP seem to be all produced by the same bunch of chimps. To ship an operating system with the glaring RPC bug that XP had (which I suffered from twice when re-installing) is incredible, but to keep going with the catalogue of flaws that MS have is some achievment. And I'm not anti-microsoft slashdot viva la revolution parrot, I just think the sooner longhorn ships with .net as the core, the better. God only knows where their C++ programmers were hired from, or who hired them.
#20.1 incubusdaemon on 03 Jul 2004 - 09:09
no comment on the stupidness of MS and it's bugs, but:

avoiding getting infected by blaster is easy. install while not connected to the internet. Enable ICF on first boot, then plug in network card. Download SP1, install, unplug network cable (ICF isn't enabled while booting, so you can get infected). Boot, plug in, download RPC patch, install, protected.
#20.2 markjensen on 03 Jul 2004 - 12:02
That is not a very intuitive process....

Perhaps Microsoft should really work on making firewall settings active as soon as the network interface is brought up...
#20.3 reddsoda on 03 Jul 2004 - 17:19
xp sp2 and 2003 sp1 has this update.
#20.4 ctn|chrisw on 04 Jul 2004 - 10:32
the best way to not get infected is to make a custom slip streamed xp cd with all the latest updates.

very easy to do if you have some spare time and use http://greenmachine.msfnhosting.com/XPCREATE/
#21 Randall_Lind on 03 Jul 2004 - 00:46
About damn time they told people to fix it
#22 SAMSAMHA on 03 Jul 2004 - 05:24
thanks for the info.
(2 replies) #23 TR1GG3R on 03 Jul 2004 - 08:54
lol m$ really have got their heads up their asses sure i aint clever enought to fix/sort things but why dont they rls a patch/file to remove the bloody bug ridden iehell 6 outa xp/sp2 same as wmp,movie maker 2 i know this has been said b4 but u would think the f*cks would get the picture nowbody wants the crap on their system (no doubt sum 1 will say u can remove these urself and i know but its better if they remove it dont ya think ? ) there we go ive had my lil rant for tha mornin l8rs all
#23.1 Sn1p3t on 03 Jul 2004 - 18:28
If you look between your COMMA key and your FOWARD SLASH key, there is a little key called a PERIOD. Learn to use it.
#23.2 TR1GG3R on 03 Jul 2004 - 22:32
and if u read the end part u would see the word mornin (as in i juss got up) u lil tickturd tell me wot to do
#24 thexfile on 03 Jul 2004 - 18:17
I noticed after installing this patch my pop-up blocker became useless on blocking!!!

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)