MS-DEFCON 2: Problems with the patches – and an exploitPosted on February 18th, 2009 at 08:49 Comment on the AskWoody Lounge
Trend Micro notes that their researchers have found a very limited, targeted exploit for the Internet Explorer 7 hole patched last Tuesday by MS09-002.
Details are sketchy, but this is what I’ve been able to figure out so far. The exploit arrives in the form of a Word document, attached to a piece of spam. The spam is highly targeted – which probably means Trend Micro has only seen it on mail addressed to one organization.
The bad document is caught by Trend Micro and flagged as a virus. If you insist upon opening the doc, it includes ActiveX controls which are (surprise!) fed to Internet Explorer. If you have IE 7 installed on your computer, you’re vulnerable.
I have no idea how the ActiveX controls kick in – if you have to click something, or if merely opening the doc is sufficient. I also have no idea what happens if Firefox is your default browser – Firefox doesn’t recognize ActiveX, of course. Lots of unanswered questions. But the bottom line is that Trend Micro has seen a bad .DOC file that takes advantage of the hole patched by MS09-002.
Susan Bradley at Windows Secrets Newsletter has discovered that installing last Tuesday’s Killbit patch, KB 960715 can make some Visual Basic programs toast.
I suggest that you continue to wait to install last Tuesday’s patches.