• There seems to be an uptick in Political comments in recent months. Those of us who are long time members of the site know that Political and Religious content has been banned for years. Nothing has changed. Please leave all political and religious comments out of the forums.

    If you recently joined the forums you were not presented with this restriction in the terms of service. This was due to a conversion error when we went from vBulletin to Xenforo. We have updated our terms of service to reflect these corrections.

    Please note any post refering to a politician will be considered political even if it is intended to be humor. Our experience is these topics have a way of dividing the forums and causing deep resentment among members. It is a poison to the community. We appreciate compliance with the rules.

    The Staff of SOH

  • Server side Maintenance is done. We still have an update to the forum software to run but that one will have to wait for a better time.

Beware: All IE Versions Vulnerable To Attack

H

hey_moe

Retired SOH Administrator
Microsoft has updated the security bulletin, the released last night for a new and serious Internet Explorer vulnerability. Initially it appeared that the vulnerability was only in Internet Explorer 7, but after further analysis it seems as if all currently-supported versions of IE are affected, including the betas of IE8.'

click on image for full view

The confusion may have come from the fact that the current attacks which brought the episode to light are IE7 specific. But further research shows that the underlying vulnerability is not.

Microsoft also added a number of new workarounds to the advisory. This list includes the old ones and the new ones:
  • <LI itxtvisited="1">Set Internet and Local intranet security zone settings to "High" <LI itxtvisited="1">Disable Active Scripting or set IE to prompt for it <LI itxtvisited="1">Enable DEP (only hardware DEP will help) <LI itxtvisited="1">Use ACL to disable OLEDB32.DLL <LI itxtvisited="1">Unregister OLEDB32.DLL
  • Disable Data Binding support in Internet Explorer 8
See the advisory for details on these workarounds. Does anyone else think that the bug is in OLEDB32.DLL?
On a separate note, a report from the Internet Storm Center shows that the attack is being spread to Web sites through SQL injection attacks that have been popular among the malware set for some time.


<!--include virtual="/common/util_article_parsing_procedures.asp"-->
 
Moe, like some of us know what the OLEDB32.DLL is and does. :rolleyes: :confused: :costumes:

I had an MS Update 2 nights ago, was that it? Nothing lastnight or today for Updates.
 
You must log in or register to reply here.
Back
Top