A new security issue has just been discovered. It was discovered only after the bad guys started using it, rather than the good guys finding it first. If you are not sure whether you are running Internet Explorer: if you use AOL, Comcast or Verizon, among others, or you click the blue “E”, then you are running Internet Explorer. This issue affects all ECC clients, whether or not you have an ECC-installed and maintained firewall server. As of right now this issue is also not caught by any of the top 32 anti-virus packages. The issue allows a hacker, by use of any website he can take over, to load programs that leverage this issue to take over your machine. He can then install anything he wants without your knowledge.

Here are the steps to work around this issue, with the most highly recommended at the top:

1. Download and install Firefox from Mozilla.com

2. Turn on DEP for IE: click “Tools,” “Internet Options,” then “Advanced,” and then check the box next to the memory protection (DEP) option. Vista users may have difficulty enabling this change.

3. Click Start, then Run. Type cmd and press Enter. In the box type: Regsvr32.exe /u “Program Files\Common Files\System\Ole DB\oledb32.dll” and then press the Enter key. If you get an error, contact ECC for assistance.

For the more technical folks out there, this is a zero-day exploit. It is an invalid pointer reference in the data binding function of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. Updated a/v and the like are right now NO DEFENSE, although I expect this to change rapidly. Stay tuned; as I hear of products being updated or other news, I’ll post again.

*Update* This is not limited to just Chinese sites anymore. Other sites are now being compromised. It’s time for some links:

Washington Post

Securosis

Sans Internet Storm Center

Microsoft

Shadowserver (lists compromised sites. GO HERE AT YOUR OWN RISK. ECC IS NOT RESPONSIBLE IF YOUR MACHINE GETS TAKEN OVER OR DAMAGED)

*UPDATE* VirusTotal shows the updates are coming in for the a/v companies, but some big names still miss it as of this posting.

*UPDATE 2*

ZDNet has a very well-explained description of the mitigation techniques:

Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones:

  1. On the Internet Explorer Tools menu, click Internet Options.
  2. In the Internet Options dialog box, click the Security tab, and then click the Internet icon.
  3. Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High. If no slider is visible, click Default Level, and then move the slider to High.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone:

  1. In Internet Explorer, click Internet Options on the Tools menu.
  2. Click the Security tab.
  3. Click Internet, and then click Custom Level.
  4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
  5. Click Local intranet, and then click Custom Level.
  6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
  7. Click OK two times to return to Internet Explorer.

Enable DEP for Internet Explorer 7:

  1. In Internet Explorer, click Tools, click Internet Options, and then click Advanced.
  2. Click Enable memory protection to help mitigate online attacks.
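To verify that the workarounds above (the numbered steps earlier in the post and the zone and DEP settings just described) actually took effect, here is an added PowerShell audit script; it is not from the original post, ZDNet or Microsoft. It assumes IE stores the zone "Active scripting" setting as registry value 1400 (0 = Enable, 1 = Prompt, 3 = Disable) under zones 1 (Local intranet) and 3 (Internet), and that the IE7 "Enable memory protection" checkbox is stored as a DEPOff value under Internet Explorer\Main (DEPOff = 0 meaning enabled).

```powershell
# Added audit script: reports whether the IE mitigations from this post are
# in place for the current user. Read-only; it changes nothing.
$zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($id in $zones.Keys) {
    # Assumption: value "1400" is Active scripting: 0 Enable, 1 Prompt, 3 Disable
    $props     = Get-ItemProperty -Path (Join-Path $zoneRoot $id) -ErrorAction SilentlyContinue
    $scripting = if ($null -ne $props) { $props.'1400' } else { $null }
    if     ($scripting -eq 0) { $state = 'Enabled  (workaround NOT applied)' }
    elseif ($scripting -eq 1) { $state = 'Prompt   (workaround applied)' }
    elseif ($scripting -eq 3) { $state = 'Disabled (workaround applied)' }
    else                      { $state = 'Unknown / value not present' }
    Write-Output ("{0,-15} zone: Active scripting = {1}" -f $zones[$id], $state)
}

# DEP ("Enable memory protection") for IE7. Assumption: stored as DEPOff under
# HKCU\Software\Microsoft\Internet Explorer\Main, where 0 means the box is ticked.
$ieMain = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($null -ne $ieMain -and $null -ne $ieMain.DEPOff) {
    $depState = if ($ieMain.DEPOff -eq 0) { 'ON (workaround applied)' } else { 'OFF (workaround NOT applied)' }
} else {
    $depState = 'Unknown / value not present'
}
Write-Output "IE memory protection (DEP): $depState"

# Workaround 3 unregisters oledb32.dll with regsvr32 /u. Unregistering removes the
# COM class registrations that point at the DLL, so count any InprocServer32
# entries that still reference it (0 means the unregister took effect).
$oledb = Join-Path ${env:CommonProgramFiles} 'System\Ole DB\oledb32.dll'
Write-Output ("oledb32.dll present on disk: {0}" -f (Test-Path $oledb))
$stillRegistered = Get-ChildItem 'HKLM:\SOFTWARE\Classes\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path (Join-Path $_.PSPath 'InprocServer32') -ErrorAction SilentlyContinue } |
    Where-Object { $_.'(default)' -like '*oledb32.dll*' }
Write-Output ("COM classes still pointing at oledb32.dll: {0}" -f @($stillRegistered).Count)
```

Run it from an ordinary (non-elevated) PowerShell prompt as the user whose IE settings you changed, since the zone and DEP values are read from that user's HKCU hive.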

*UPDATE* The patch has just been released. Please visit Microsoft Update immediately.
