Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Bandit127]

Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.

Only for those that are comfortable editing the registry...

This from CERT:

The most effective way of mitigating this vulnerability appears to be to disable the Microsoft OLE DB Row Position Library COM object. As outlined in the Microsoft Security Advisory, delete the following registry key:

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]

Note that once this change is made, all ADO (ActiveX Data Objects applications that use the RowPosition property and related information and all OLE DB applications that use the OLE DB Row Position Library will not function properly.

Do you have a better way to disable the dll TB?

[TheBoy]

Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.

Only for those that are comfortable editing the registry...

This from CERT:

The most effective way of mitigating this vulnerability appears to be to disable the Microsoft OLE DB Row Position Library COM object. As outlined in the Microsoft Security Advisory, delete the following registry key:

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]

Note that once this change is made, all ADO (ActiveX Data Objects applications that use the RowPosition property and related information and all OLE DB applications that use the OLE DB Row Position Library will not function properly.

Do you have a better way to disable the dll TB?

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

[cem_devecioglu]

This has kept me busy today!

The beeb, as normal, have blown it all out of proportion from what little I can glean.

Been on the blower to Microsoft, they are unsure of the exact ramifications, and what the worse case is.  They seem unsure of what browsers are affected - we run IE6 on some of the Citrix servers I look after, and I wanted to know if they were vulnerable.  Additionally, not entirely sure if its an IE issue, a database dll issue, or blended vulnerability - MS are hinting at blended.  They are also unsure if non-IE browsers could be affected.  Sounds like they either do not yet fully understand the attack, or are unable to reliably repeat it to debug whats happening.

But at least they were more helpful that Firefox, who do not offer any proper support. So who knows.  At this stage, I am unable to work out if FF will do similar if feed the same page - probably depends on the XML decoder installed on the PC to be honest.


As always, not logging on to Windows as an Administrator will cure most of these type attacks, but many users consider administritive rights as some kind of penile extension, so I guess that falls on deaf ears.
Whatever browser is used, I would recommend disabling the dll thats used in the attack if you don't need it.

 

[cem_devecioglu]

I have to say this again :

Although Microsoft tried to classify Activex controls, internet sites and

many other ready objects etc there will never ever be a complete

solution to those safety problems caused by the nature of pc

systems.. unless you use a DUMMY

terminal

actually the virus scanner softwares, op.system update softwares are

real bomb shells inside pc systems..

[Bandit127]

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

Assume the way to do this is to do the following
Start
Run

type (or copy and paste)
regsvr32 /u OLEDB32.dll

It says "Module could not be found" on my system.  

[cem_devecioglu]

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

Assume the way to do this is to do the following
Start
Run

type (or copy and paste)
regsvr32 /u OLEDB32.dll

It says "Module could not be found" on my system.  

if you dont use database client softwares its normal you dont have

that dll..  thats mostly found on servers and clients that need to

connect various DBs.

[Bandit127]

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

Assume the way to do this is to do the following
Start
Run

type (or copy and paste)
regsvr32 /u OLEDB32.dll

It says "Module could not be found" on my system.  

if you dont use database client softwares its normal you dont have

that dll..  thats mostly found on servers and clients that need to

connect various DBs.

If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?

On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html

[cem_devecioglu]

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

Assume the way to do this is to do the following
Start
Run

type (or copy and paste)
regsvr32 /u OLEDB32.dll

It says "Module could not be found" on my system.  

if you dont use database client softwares its normal you dont have

that dll..  thats mostly found on servers and clients that need to

connect various DBs.

If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?

On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html

not sure though but that component can be loaded if you install microsoft office with full option..

but very sure if you install Microsoft SQL client you will absolutely have this like me

[hotel21]

So where is 'run' hiding in Vista??

[Bandit127]

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

Assume the way to do this is to do the following
Start
Run

type (or copy and paste)
regsvr32 /u OLEDB32.dll

It says "Module could not be found" on my system.  

if you dont use database client softwares its normal you dont have

that dll..  thats mostly found on servers and clients that need to

connect various DBs.

If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?

On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html

not sure though but that component can be loaded if you install microsoft office with full option..

but very sure if you install Microsoft SQL client you will absolutely have this like me

Got full Office Pro on here and dll not loaded. But I haven't used this PC to connect to DBs.

Work laptop will definately have it as I regularly use Excel to mine SQL DBs.

[Bandit127]

ISC/SANS says MS will patch tomorrow.
http://isc.sans.org/diary.html?storyid=5497

More work for TB validating before it goes out I guess...

[STMO123]

This is all very well but what about the poor bastards that dont have a clue....like me?

[cem_devecioglu]

Yes, unregister it.  Much quicker than poking in registry, and easier to put back when fixed.

Downside, that will stop all OLEDB functions though!

Assume the way to do this is to do the following
Start
Run

type (or copy and paste)
regsvr32 /u OLEDB32.dll

It says "Module could not be found" on my system.  

if you dont use database client softwares its normal you dont have

that dll..  thats mostly found on servers and clients that need to

connect various DBs.

If that is so, why are the Beeb and the Daily Mail making such a rather meal of this?

On second thoughts, don't bother. I already know. Sh*t stirring bastards....IMO
http://www.dailymail.co.uk/news/article-1095266/Millions-warned-use-Internet-Explorer-Chinese-fraudsters-use-security-flaw-hijack-computers.html

not sure though but that component can be loaded if you install microsoft office with full option..

but very sure if you install Microsoft SQL client you will absolutely have this like me

Got full Office Pro on here and dll not loaded. But I haven't used this PC to connect to DBs.

Work laptop will definately have it as I regularly use Excel to mine SQL DBs.

I was suspicious about that..

ok then..no worries for ms office users..

[cem_devecioglu]

This is all very well but what about the poor bastards that dont have a clue....like me?

search that oledb32.dll in your system..I think you dont have..

[Bandit127]

This is all very well but what about the poor bastards that dont have a clue....like me?

Don't panic.
Don't surf p*rn or warez sites tonight.
Windows Update tomorrow.
JD