Hopefully when Windows XP SP2 is RTM these reports will disappear.
Edit: Oops, it is getting late on the East Coast so I thought that was released a few hours ago when it was released a month ago. Judging from the report, it still isn't patched... The patching guys at Microsoft must have their hands full right now.
Hey, maybe they can get urlscan to run on the front end of IE, sorta like your own private
IEXPLORE.EXE file version 6.0.2800.1106
MSHTML.DLL file version 6.00.2800.1400
Microsoft Windows XP sp2"
Oh my. Back to the drawing board guys!
Didn't work on my XP SP2 RC2 machine, so...
...so what file versions do you have?
Still I think this hole is more fun to watch than something I'd worry too much about. =)
..and this is another new one.
the demo referenced in the article will add a link to the Firefox website to your favorites, worked on me.....
....but then I am only running XP Pro with SP1.... like 99.99% of the rest of the world...unless they are on 2K...or something
just pulling the cat's tail ??.
Sucks to work in Microsoft Security tonight
From Stepto's post in the "Echo Chamber"
Also, today, Microsoft has released a download.ject cleaner tool to the download center. This tool will detect and clean compromised systems.
More work continues and further updates will be released to microsoft.com/security.
..it appears to cover some of what we have been discussing, especially shell (MS04-024)and help (MS04-023) vulns, looks like they are closing in on the heels of the malverts.. way to go guys!