Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 2: Problems with the patches – and an exploit

    Posted on February 18th, 2009 at 08:49 woody Comment on the AskWoody Lounge

    Trend Micro notes that their researchers have found a very limited, targeted exploit for the Internet Explorer 7 hole patched last Tuesday by MS09-002.

    Details are sketchy, but this is what I’ve been able to figure out so far. The exploit arrives in the form of a Word document, attached to a piece of spam. The spam is highly targeted – which probably means Trend Micro has only seen it on mail addressed to one organization.

    The bad document is caught by Trend Micro and flagged as a virus. If you insist upon opening the doc, it includes ActiveX controls which are (surprise!) fed to Internet Explorer. If you have IE 7 installed on your computer, you’re vulnerable.

    I have no idea how the ActiveX controls kick in – if you have to click something, or if merely opening the doc is sufficient. I also have no idea what happens if Firefox is your default browser – Firefox doesn’t recognize ActiveX, of course. Lots of unanswered questions. But the bottom line is that Trend Micro has seen a bad .DOC file that takes advantage of the hole patched by MS09-002.

    Susan Bradley at Windows Secrets Newsletter has discovered that installing last Tuesday’s Killbit patch, KB 960715 can make some Visual Basic programs toast.

    I suggest that you continue to wait to install last Tuesday’s patches.

    Patience, grasshopper.

    If that helped, take a second to support AskWoody on Patreon