Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Releases Security-Related Configuration Change



 By: Larry Seltzer
2004-07-02
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Update disables vulnerable system component to plug hole that enabled the recent Download.Ject attack.

Microsoft Corp. on Friday released what the company termed a "configuration change" to several versions of Windows in response to the recent attacks designated Download.Ject against its Internet Explorer browser.

The change disables a system component called ADODB.Stream that was utilized by the attack to execute code on the victims system. The change will be available Friday on the Windows Update site and through the Automated Updates facility. It is now available on the Microsoft Download Center.

In a statement, the company said, "In addition to this configuration change, which will protect customers against the immediate reported threats, Microsoft is working to provide a series of security updates to Internet Explorer in coming weeks that will provide additional protections for our customers."

Resource Library:

Following that, Microsoft will release Windows XP Service Pack 2, which will make substantial changes in the operating system to enhance security. The companys description of the Download.Ject attack says that users of the prerelease versions of Windows XP Service Pack 2 were not vulnerable to Download.Ject. The company also stressed that it is working with law enforcement and others in the industry to pursue those responsible for the Download.Ject attack.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

The vulnerability of the ADODB.Stream object has long been known by security researchers and has been discussed widely. This discussion from August 2003 on the SecurityFocus Vulnerabilities section describes the problem and a manual implementation of the same solution as Microsofts.

Check out eWEEK.coms Windows Center at http://windows.eweek.com for Microsoft and Windows news, views and analysis.

Be sure to add our eWEEK.c om developer and Web services news feed to your RSS newsreader or My Yahoo page



  Reader Comments: Microsoft Releases Security-Related Configuration Change
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


x}r㶲s\@♵M=ҔlɶVlҌ3SHHbLZ$KreoВ/g6ЍFh|G·$i9crsݩk|jx֢w.w}!Yf0TE[ ]Ϥ^=Am۟@t 5v9:r z>>;|9|@vD%j'A]k|c{F}W2z5m0 fE1;&I-s!%2?K;'?*B=]2HXߦuɷ~{Xe;7 CxKd/B(?F#c?9CvA0/PcwҴ?쓡7@Sա*v25v+n /@^c\ȁY\nh=7dc7l#205ARZ [XdTZ wӡk)u8r z08ryj5jfO-{n_w$z(֛z$=+~bA2xưaIHo*! lpa#P[yyN f uȭB ¿{k׳߀Cݸ{1ܳM`E-"'l,R ?q7uBazH&5\O, "9˾,ft0eȆ}sRM*AR,הb(^Y-Ypoz_{gJY4E.:9~`h v$ yEs3^_D_*0QI- i|/ Z@?fN{#x[ԊhZAAvIna̳| 3+i3*5dNߒ-~k~>F,3sAT4 ̠K`W+eP>n]?_s\w.Z9^VsCV=BCj`BӹciuuUZz`Ck'ޮC&A?΃utSOg|JMk>uI< EC#ɠ:ڴ;\V4!>F&MЀ wG|hx:,,Abχ&a`M?F#m| &>v\l8d $n)ssLn-)σ5[ѽk:?`#0.Zm{ $8ʼE]ubsBݷ|{ޚꖭ-L<ģܠϨ(~~9-WRC/0tKt=r=6\?8{y4%2;~L'[BSjb35-F|' +#Všk?Lg,.gK q{y]ؕ.RL||nN >v?|4'Z>pd`/Rݷu?٤ RXO%}T5&Ccl ԑq,YX6Tȵm.0}u灄( }Zj[<9Ro> < đMTBYaT(l];(}12qŝa&1\?@R)Ö1Swhi'ljm*I՗bAQ KkMf٧gL䱯3ۊ'4`D ڸ/)cpGl^~<Ӈ>B SK@'Z``ELkǖYCǖbT۔І|T=Oq@%УCizi}~هF9#,!߬'Hqw,"JPVbjxSC+jrPT+ ov Ls)' Sf5ǁ;d񺟟ˬ7? _ڀ^Sz3gn-%sO3\aQƖ]4FXXH]-'H̎OƚR*%)Ps0ڝ+*h3siyz0_n?9!GjאjVN>Y7i`19R2f`KPs hԻubH=#C`BEWFڬz,.``!>?N=1Ȩk 05-tq]U*jAe/yUbY چHB&:GdH+`Zv*ݧ1Um$R*C01^*== 7S_ -ʖ~kѲՆgQy>cIۛgor<9yn2$8z0JL;%95$_ۂ3BItLeb`lԍLnb*r1=_?J= [L4G@V1-0g7=;%(4OQkX9 6?b(Z6Xil=v? 9{$2L3sqS))rL*H+ů 3Fˁ; _.4aHzGRUe@4yJ3k % =EЋvcSLB]ITY)(q g@Zf2U)+e"m=O f,(U|` &RrEuEl&ŏ[o(UrvݏG~T>Uud*+ZR^?* 9 ^M lZq~XC kpo= 2j=uR`fK&_vܖ[J,]A>a u0 glrKz]wּXC8̕KqlGϱ+Kz&@utS6ndUT :*ijARϢpӁ9tGl~" tDe2qy27(۞kMY@ &|ݙadJfT.jZb[)Uʹwc"i!`0Xޫ=bxHp?l]Z.+BvA *s>P9ɷwnj‰?8 +~7?l)ɡXXD>DiF\{e">QP(k㘘= ת[( L $q%YUihja{I12A$K}y9g|L8}_wewA;'( ^-w\j\#-0MC~:/t@`UEK7Olb8 }L@IP 4p? iCO"ju.N+6|v>2DH"rys!}=^xsіs5ADHͳ>KrBVë6z? i^3_{w jEp>XISB9kթ-xOӆO|B~J;DL~2߄q?Is6uYغ[O`AS:%ə˓!G=)*ښIդ"8I5F4A2 uIH? Md4XPW Pق.'59۴8^]9?ٺm|d`M`l)Za!|)Nr 9j`e>!‡[yRb}b%%h8W:Brc'?<'|GxӼZ;GNZ"ԱGH1D:n;WQ =dznO8Z7𿲜\ta|`|;psF'5\;@XnLxqf='Fs)o. cgm:;@Ć'wj 2'|sF[=uڻue's Cw+t>8niamǡ850Nt,4P$yUZ/WU $]d%FtZx@2&j%3 =яki^x̠t4w 7{{!.u0.y4 2UCnC_:Z1iE0pDa ? W_M7⎍zkQy{rx|SqzL7V_O7LPG ="s(u߂KݤCƧSˁUm["ZUE++5yW,w1~` +?S~G݅XKCAN_:`61EF=Xix {pzzzmq+E;>~$ڣv/ irPڶ )$}?Yx}2"F`Xavd6^ދerB, XGˬZA)[ ZLӍQGgO荊FL $v/Brx;wv??y Mb~Zpv`'`@܂ו0wx dA HaB&aV#j1ԏv\mܬI+qJMlD+eӁ&2*%KR$]q"q/.+q=PnA%Nz`Z-d9C_Z"Os d&[Jo7,πfwk42x|!>`eݦ^0}3g>,V,\$r%tVXo2mEڼIo!~#g=X `ě~.T'0A=ݩBYK$hRO sNBl*%!Po)̐W֏TOO$1nC'6R'L'ab 0?! ZP,C=' 0H1L0L=h D(Fc)MBBϠJ.|*"y%U ԞΘbsr0t̋H$mӢt7:]yIt&̓Gbǽá nxApC&z}-{)jubT$)+^8Z KM 4E lFG@1E췊72EUDh k~1ʼn9| #ƨ66᰿?G <,1@FBtox;Rl."+C"]"$-!0 Q%Z?']ȃ=9999RheY߶py^SZo =rp"Q]${) AAj(O~"!E-mjmchGlIC$Fe;!;PIcl}TZ^X3,M?"/?bG)1[ (oCu&.[y揉{iD#? KD)PG%|]A~B';0_[" WW~qVq5cwb'w|cݡ)0bݵۨZ-# d䏅Yb,n\3#)5|5XmI7Rw ۘ/G*׶'~'="j\DDKjs+A#샒=%h? ,qq'Dsđ#?Ñ:-VAXz- fWDDNE0H^XA0 pD]bɤ /(_Z6TPsm.MEfAȢ'\1fUZr^:XuZ.˘x&V@gLHk̘xok4vlNz ytFu?*Z!ѤF*GZj>kXsܴ5̈Gbv \mz^CnJ[7^'6]4_q=!o7ݝAfnVu&C[wnV#n@ ϋ'찔?1{x9}y c?tk 6٦KMµZAʥ 8IVQD#%rl&U"cMϪJhՃjU9䫚RѪEU8y`0rwe➂I\1ړvc̝G0/bZNa=4MwɒR`N)e8a->"Adk?o(^ 0s6+j17 w5ktPL 77xo/%5&oI{e >9bYӹ%-:u_aci;t]ktKWs>н3B[s^?busι\`{Q,i ͬͱ-j%!F㬤]F5Rh3} ;  AG"4 ?R)!o$:*=9`VŘ7ZmˆR>dD+9mJW1hc8̘xa*1aF eզٝ$7zgFU=[!VUv$r&፴*3;m\lqͦtgoV0DwA>po<|WPʕ=U+'=hpx8l@1"s? I:N~VPԓFprS'"΀!,E||z['AU}H?Km1+62sjDl/uhS3h_~V %ALG0} wMuqu, * bBgѾq>6$EuE)dw wMy–2&. C^!M l  \Zs4e$oz立RS Iݹ`?Ðs{MZ"9`R1@Q>~1&v+!"&LmansIA!l9tkXaٌb=r61^t$`|v.[/ T6CĊ1gGi>'_A1R}ĿIKYET&}fA=bAa~L#[C\i/1MF·:es{Mi0q>"(S[]ă0T]w7q MpWYN S+$fɻ3:rtT(ʞ2|{C` > c7[7ΥiDZ||L ]ǒ 4Bq0hVX{?oX6e2K%( @Ka1c~PoVR$4 >(>gٕa)豪ԕ7) ;ee-| =M蕴B^Ȉq/ٷ)_Ч6#&Dwn`9˳/{E&Oeӽ 5^¶V-r5uv[__;˫E?8$F;6M&E`9y22 6Srsm.4 "Gd;ˀW}QX\mȝ_?ԦF h7QJ1}=W܄qP "g>^sФo%ugg?CBWP~ (By794h3ʏh}18>'|OO;ig}yktZпNF?ӹ(w2s/Qʿ/?gakg99?ς=Ϡ9<>yyy(_|P~Q(GF9g^dE\]d_O7CtAt3%e\_\eOf  忬/)>Crs~~3w Y{ _g wɹN2!(ofYNoT8\0_JeYW@a uqQ^ }VV<_`fkt.rf_2 ̭L_;GVr]!,.5PUZk /YSݲq 6 fJC#Dk(x[xcEw_ƴmBfp0l{|y ގe@?o9Xj,.#vRǮQ!+fx ;~1.'\ʠaCao/XbKZ;c`\G;o=x2gjy }by0\9KhmV=ȾwF=C[%Gx-ȷ:g^=FY2#&23Mť{:o\| "e*s͕B` jϗ5n%c$Q#"9<63wH" P,#V}ޣ (luy9o";'/hpzxO " n#QcLZDAۀY;`51{WM51{spa3 Ӯꐾώ=qf|1h_u7%YAfnƀ_@n=,N7"fG9p=y x_ ܔ0bpa`O*}q AnӕcX00wUW-Ub~K5 D 9b oY1LO}[9$z b2O|e'0OT:-3/DBlK_1ȫKGJLƎ$z oW?_ ]ɡ=FN郧rS+.Ġ/2>g'4WBMx'* Up&a8Yzt]& ~uW&쭰F |m)۹d,ӧ6M\-n\{.|cq"m,?hPxUEG0P$=Cf Kǣ,h :BQfk km"tZзkdY9Hr&zU h$.7=j"6: gCbDZ szlo%()%y+L9(نxJ*Hvx*D ,CS6N>L#c? `vwl9c˖;) Mm+#84B>ܼlQ޺%qm.; +C&:bz:SAW (9|x@loMqlj_ԕU`7g#~"3VœA6p8!(_Gْk0=u6ܨNAEVb0%yMvSFߟ2"L) Ԧ?MSw(\*],1Ał?vLwV * 8"U];#66sQ/>¼uKW=Q'naжJt{]!Kb !CNҶ\)Vbʥ.Sܟ=Ba҃fHEk,^zXٻ$PshՆG0ޏq7PRl@xS a ˶)E=b농 ѨpSTVD'S^m'gymOEmE>m+Ѝ51igNbkcٰ޳sW=?5zlvf~wx:YʐLW\ȏ,,L[Z']Z!hXrE"ҁ )Q~)'mfK#fE1[Rj2 19,O)xI1%h3l䓈mAb ?åk[),#wL xjeFdzUN]Z ^cdX$֬-LE")ԛa:(z0 &&tĵa=":xqea=Vt*Nz/gvV?Pw/qseT3uG?; o:ˌhT*.㉋۝Y*n'WO-)h,=P$DU $RzVsq C&ȕ/2F#oUAњYf]Z%Nbj|ۊ#iQg8&rYOjJZR۝D^8%܆mJPU&s)# MWj\)MS9Q2kEs+q>tgLp -ͱeRZ`l/Z6v?8(