IE Patch available



Lexxuk
02-08-04, 13:43
Aye, Microsoft broke with their update schedule (currently the 2nd Tuesday in a month) to release an emergency patch for IE to fix a vulnerability.


Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Issued: July 30, 2004
Updated: August 1, 2004
Version: 2.0

Summary
Who should read this document: Customers who use Microsoft® Internet Explorer

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS04-004, which is itself a cumulative update.

Caveats: Subsequent to the release of this security bulletin, Microsoft was made aware that the update provided for Windows XP customers running the new version of Windows Update, Windows Update Version 5, did not contain the final release code for the vulnerabilities addressed in the security bulletin. Microsoft has corrected the update and is re-releasing this bulletin to advise of the availability of a revised update available to Windows Update Version 5 customers. Customers who are utilizing Windows Update Version 4, the vast majority of customers, are not affected by this revision.

This update does not include hotfixes for Internet Explorer provided since the release of MS04-004. Customers who have received hotfixes from Microsoft or their support providers since the release of MS04-004 should review the FAQ section for this update to determine how this update might impact their operating systems.

Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows NT® Workstation 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

• Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4

• Microsoft Windows XP and Microsoft Windows XP Service Pack 1

• Microsoft Windows XP 64-Bit Edition Service Pack 1

• Microsoft Windows XP 64-Bit Edition Version 2003

• Microsoft Windows Server® 2003

• Microsoft Windows Server 2003 64-Bit Edition

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) – Review the FAQ section of this bulletin for details about these operating systems.

So go run windows update ;)

Benjie
02-08-04, 13:45
You don't get that kind of shit with Mozilla. (http://www.mozilla.org/)

Richard Slade
02-08-04, 13:46
You don't get that kind of shit with Mozilla. (http://www.mozilla.org/)

You don't know what kind of shit you get with that mozilla

garyu69
02-08-04, 13:48
Firefox > Mozilla > IE

and look at the cute fluffy toy!
http://www.mozillastore.com/images/products/large/31.jpg

Morpheous
02-08-04, 13:50
Amen @ the above.

Edit: Type about:mozilla into IE.

Freeejumper
02-08-04, 13:50
Firefox > Mozilla > IE
you r right :P
i luve firefox :)

jernau
02-08-04, 13:56
You don't get that kind of shit with Mozilla. (http://www.mozilla.org/)
Which part? Bugs? Fixes? Patches?

You get all of the above. :confused:

Benjie
02-08-04, 14:06
Which part? Bugs? Fixes? Patches?

You get all of the above. :confused:
Most of the hijacks and things are created for IE, because it's most popular/microsoft. The fact that mozilla is actually better than Internet Explorer is just a plus. I might check out Firefox later on, but mozilla loves me and I love her.

Lexxuk
02-08-04, 14:11
iirc (which I do :p) firefox/mozilla recently had a vuln that allowed a hacker to take control of ur system - no browser is foolproof :p

Benjie
02-08-04, 14:13
iirc (which I do :p) firefox/mozilla recently had a vuln that allowed a hacker to take control of ur system - no browser is foolproof :p
True, but Microsoft is a bigger tease than the rest, attracting more hackers.

garyu69
02-08-04, 14:17
I'm guessing that most hackers like to hack Microsoft products instead of something like Mozilla.

Jonax
02-08-04, 14:28
iirc (which I do :p) firefox/mozilla recently had a vuln that allowed a hacker to take control of ur system - no browser is foolproof :p

And within 24 hours, a response was made so that it could be corrected by either a patch or do-it-yourself info :D

How many IE vulnerabilities have taken over a week (or several months in some cases) to be fixed? :p

Lexxuk
02-08-04, 14:33
from what I've heard, MS are rebuilding IE from the ground up for version 7, to remove all the vulns that are available.

As for Mozilla, it's open source, and I read somewhere once about some guy sticking into the CVS a direct exploit that would allow someone root access (think it was actually for Linux), the code wasn't noticed for a while because it was just one line of text, now hackers can "help" with the code of Mozilla/Firefox and insert exploits there which then need to be looked at a lot closer ;)

Celt
02-08-04, 15:40
I tried firefox.


Buggy as fuck, and that's coming from someone who's used IE for 5 years.

garyu69
02-08-04, 15:42
never had any problems with Firefox or Mozilla.

Archeus
02-08-04, 15:45
Most of the hijacks and things are created for IE, because it's most popular/microsoft. The fact that mozilla is actually better than Internet Explorer is just a plus. I might check out Firefox later on, but mozilla loves me and I love her.

Mozilla gets attacks too. The difference is they get fixed within a day, whereas IE still has what? 16+ exploits in it? Big difference between having bugs and having bugs that everyone who shouldn't know about them has had months to play with them.




Buggy as fuck, and that's coming from someone who's used IE for 5 years.

Sounds like BS to me. Like what kind of bugginess exactly? I have 6 machines running firefox and not one has had a problem.

Celt
02-08-04, 16:29
Sounds like BS to me. Like what kind of bugginess exactly? I have 6 machines running firefox and not one has had a problem.

Sounds like BS to me. (note: just because you dislike someone's opinion, doesn't mean it's BS)

Installed 2 themes and 4 add-ons, firefox then froze forcing a hard reboot, after rebooting, firefox showed 0 themes and 0 new add-ons, despite having the effects of the add-ons still, but with no way to control them.

Installing new add-ons didn't work at all.

Uninstalling firefox, when trying to re-install it said firefox was still detected, so I had to manually delete every firefox reg key.

Once I re-installed everything seemed ok, until I tried to open .pdf pages with it, whereupon it takes 100% cpu/memory and won't close down.

Archeus
02-08-04, 18:01
Sounds like BS to me.(note: just because you dislike someone's opinion, doesnt mean it's BS)

No it means I think you are wrong or you're talking about an older version.




Installed 2 themes and 4 add-ons, firefox then froze forcing a hard reboot, after rebooting, firefox showed 0 themes and 0 new add-ons, despite having the effects of the add-ons still, but with no way to control them.

I have more than that installed in the firefoxes. Never had a problem. What version of Firefox are you talking about?



Uninstalling firefox, when trying to re-install it said firefox was still detected, so I had to manually delete every firefox reg key.

Again it must be an older version, as I have copied later versions over existing versions and never had that problem.


Once I re-installed everything seemed ok, until I tried to open .pdf pages with it, whereupon it takes 100% cpu/memory and won't close down.

That is a problem with the adobe PDF viewer plugin (as the same happened in IE). Has nothing to do with firefox. It is attempting to load the whole PDF before showing it in a viewer. Latest version of Acrobat appears to fix this.

Celt
03-08-04, 00:16
No it means I think you are wrong or you're talking about an older version.




I have more than that installed in the firefoxes. Never had a problem. What version of Firefox are you talking about?



Again it must be an older version, as I have copied later versions over existing versions and never had that problem.



That is a problem with the adobe PDF viewer plugin (as the same happened in IE). Has nothing to do with firefox. It is attempting to load the whole PDF before showing it in a viewer. Latest version of Acrobat appears to fix this.

I think you're talking out of your arse and intend to rubbish any attempts at showing firefox as not being perfect.

All problems with firefox 0.92( WOW THE LATEST VERSION ARCHEUS! )
Problem with PDF does not happen with IE, using adobe viewer 6 with latest updates.

Hey, guess what, firefox isnt perfect.

tiikeri
03-08-04, 00:17
Opera > IE

StryfeX
03-08-04, 01:09
MyIE2/Maxthon > All.

I've tried Mozilla, Firefox, Netscape, and Opera, in addition to using IE. In my opinion IE is the best, and MyIE2/Maxthon uses IE as a base to implement cool toys like tabbed browsing and such. Which means that 99% of stuff actually renders properly (something I've always struggled with in all browsers except IE), and I notice zero time differential, too.

Now, the bugs/exploits/vulnerabilities are all bad, but I'd still take IE (or in this case MyIE2/Maxthon) over any others.

End of story.

--Stryfe

Lexxuk
03-08-04, 02:30
I agree, IE > *. I use Linux and on that I'm limited to Mozilla or Firefox or Opera, or I can fiddle with Wine and get IE6 installed, but that's too much hassle. IE does everything, it renders everything, ignores bad HTML, loads pages up quickly, has content built for it (Shockwave etc..) and it looks good cause it's plain and basic. Mozilla looks horrible, it's got stupid bugs (I'll scroll down here and odds are Mozilla will go "ohh he wants to go back a page" and I'm like "OMFG I DONT WANT TO GO BACK A PAGE I HATE YOU DIE DIE!" kind of thing)

So yes, IE > * :p

Jonax
03-08-04, 11:03
IE ignores bad HTML

Uh...IE is the one that's following its own rendering standards. Practically every other rendering engine used (Gecko, Opera) follows the rendering standards of W3C (http://www.w3.org/), the body who handles such workings :wtf:

What you're probably on about are those sites which work like a doddle in IE but are screwed in Mozilla - That's because the developers of those sites coded it with a focus on getting it to work on IE. That'll either be because the page was coded in Frontpage or similar, the developer only concentrated on IE and forgot about the rest, or the developer was just too damn lazy/inexperienced to follow the standards so ALL browsers can render them regardless of browser or OS

They're a scourge that must be beaten. With long, spikey sticks.

jernau
03-08-04, 11:07
Uh...IE is the one that's following its own rendering standards. Practically every other rendering engine used (Gecko, Opera) follows the rendering standards of W3C (http://www.w3.org/), the body who handles such workings :wtf:
And that's just lovely for them I'm sure. However the vast majority of the world uses the MS standard.

It won't matter one jot how many different clients follow the "official" standard as long as 80% of the client install base and 99% of the developers follow the MS one.

Birkoff
03-08-04, 11:07
Opera > IE

<3 opera never tried mozzila TBH

Jonax
03-08-04, 11:24
And that's just lovely for them I'm sure. However the vast majority of the world uses the MS standard.

It won't matter one jot how many different clients follow the "official" standard as long as 80% of the client install base and 99% of the developers follow the MS one.

Yep, that's the problem - De Facto standards usually prevail, MS's seem to dominate via monopoly :mad:

So while people code for mainly IE, there'll be for a while the annoying CD-eject cupholder scripts, the pop-up windows, the vulnerability exploits...Actually, why am I complaining? Go IE and its standards dominance! :D (Keeps the hackers and scripts off the backs of Gecko & Opera)

Archeus
03-08-04, 11:57
I think you're talking out of your arse and intend to rubbish any attempts at showing firefox as not being perfect.

All problems with firefox 0.92( WOW THE LATEST VERSION ARCHEUS! )
Problem with PDF does not happen with IE, using adobe viewer 6 with latest updates.

Hey, guess what, firefox isnt perfect.

Problem must be your machine then.

I am using Firefox (latest version) on XPx2, XP Pro, W2K Prox3. None of them have any of the problems you are mentioning and each machine has varying memory (512mb to 2GB).

I don't see any of the issues you have. So the factor has to be outside Firefox. That is why I am saying you're wrong.


MyIE2/Maxthon uses IE as a base to implement cool toys like tabbed browsing and such.

Which is already built into mozilla as standard.

Opera is pretty good as well, although I found it was better for reading than surfing.

ichinin
03-08-04, 12:35
No probs with mozilla/ff/opera, except on this forum, it doesn't show some [ i m g ] tags.

SpawnTDK
03-08-04, 12:44
True, but Microsoft is a bigger tease than the rest, attracting more hackers.

hm .. mozilla.org pays 500$ per found security issue ... microsoft pays. hm nothing and why ? -->> bankruptcy in one month :rolleyes:

jernau
03-08-04, 12:52
hm .. mozilla.org pays 500$ per found security issue ... microsoft pays. hm nothing and why ? -->> bankruptcy in one month :rolleyes:
They could pay for a century of bug-reports at that rate on less than a second of operating profit from any single division bar the XBox one.

Archeus
03-08-04, 13:48
hm .. mozilla.org pays 500$ per found security issue ... microsoft pays. hm nothing and why ? -->> bankruptcy in one month :rolleyes:

Actually MS pays $250,000 for anyone who reports people who write the exploits for microsoft. Set at currently a 10 million pool.

Which is a better system? Preventing the exploits by fixing them, or waiting until the exploits are written and going after the authors?

jernau
03-08-04, 13:54
Actually MS pays $250,000 for anyone who reports people who write the exploits for microsoft. Set at currently a 10 million pool.

Which is a better system? Preventing the exploits by fixing them, or waiting until the exploits are written and going after the authors?
Option 2 if you then hire them to help develop the next generation.

"Preventing the exploits by fixing them" is a contradiction of terms anyway.

Mandarin Mint
03-08-04, 14:00
You don't get that kind of shit with Mozilla. (http://www.mozilla.org/)

Mozilla is awesome, the new one FireFox - even better IE bites

Archeus
03-08-04, 14:50
Option 2 if you then hire them to help develop the next generation.

"Preventing the exploits by fixing them" is a contradiction of terms anyway.

preventing the creation of easy tools to exploit is what I meant. I think I would prefer the security hole fixed than to wait for the bounty hunters to hunt down someone.

By the way, despite what people believe if you are convicted of a security related crime it will pretty much guarantee you don't get a job in the security industry. Of course there are exceptions, but anyone thinking "Hackers" mentality is the way to show off, it isn't.

Anyway MS is hardly offering these people jobs. Option 2 is only good if you want to get rich quicker (and don't mind reporting people).

SpawnTDK
03-08-04, 14:54
Which is a better system? Preventing the exploits by fixing them, or waiting until the exploits are written and going after the authors?

ask the microgays. about 16 open ie holes ... i dont write the explids but i love to use em :rolleyes:
ie suckz. firefox, mozilla and konqueror very good alternative.

problems with other browsers then ie:
poor, dump webmasters.

ichinin
03-08-04, 15:07
preventing the creation of easy tools to exploit is what I meant.

Any exploit available can be shrinkwrapped into a "click here to down/hack TARGET computer". It's not brain surgery.


Anyway MS is hardly offering these people jobs.

Irrelevant since other people DO want to hire such people. Paying someone to defuse a bomb after it has gone off - that's just stupid. Proactive is the way computer security is heading down now, some people should wake up and smell the roses.

It's like griefers during some events:

GM: "You may not PK in this zone from T until T+N."
Noob:"Hey.who killed me?"
PKer: "Me, i dont give a crap, go ahead and ban me, i've already had my fun."

Archeus
03-08-04, 15:46
Any exploit available can be shrinkwrapped into a "click here to down/hack TARGET computer". It's not brain surgery.

True, but there is a difference between posting the exploit and a script kiddie being able to use said exploit without the use of their l33t-0-matic GUI hacktool. Sorry but for some hacks to your average hacker/kiddie it is brain surgery.


Irrelevant since other people DO want to hire such people.

I said there were exceptions, but there are really smart people in the security industry that didn't have to resort to crimes to prove how smart they are. Top companies will not hire black hat hackers.

However certainly mafia et al, certainly give good work experience for black hats.

Celt
03-08-04, 16:09
Problem must be your machine then.

I am using Firefox (latest version) on XPx2, XP Pro, W2K Prox3. None of them have any of the problems you are mentioning and each machine has varying memory (512mb to 2GB).

I don't see any of the issues you have. So the factor has to be outside Firefox. That is why I am saying you're wrong.
hahahahahahahahahahahahahahaha

Your posts serve as the definition of "fanboi".

"It's an older version of firefox!"
"It's not happening to me, IT MUST BE YOU!"

ichinin
03-08-04, 17:15
However certainly mafia et al, certainly give good work experience for black hats.

So.. this is the Mafia is it?

http://www.gchq.gov.uk/

Guess again.

And Fortune 500 corps say a lot but they act differently.

About so called "Whitehats" i say as Schneier said about Mudge and friends when they were talking about Phiber optic, that those who "got away with it" shouldn't even comment on other people.

Archeus
03-08-04, 17:24
hahahahahahahahahahahahahahaha

Your posts serve as the definition of "fanboi".

"It's an older version of firefox!"
"It's not happening to me, IT MUST BE YOU!"

Correct, I know of numerous machines running Firefox not having problems. ergo. The problem is with you or your machine. Trying to figure out what the problem is (translation: Assuming you're not FOS) the reply I get back is "Haha I was right, you were wrong".

But keep living in that world where you think you're right.


So.. this is the Mafia is it?

http://www.gchq.gov.uk/

Guess again.

You have a link where they say they are hiring ex-criminals who were convicted for security offenses? I had a look at the site and it seems to say the reverse.

KeithMyath
03-08-04, 17:29
I only read the first page but I noticed no one said Opera, I use this, it works great, 2nd party apps work fine through it (quicktime, flash etc.) And it has the added luxury of not opening popups that aren't requested. (No popups whatsoever) There is a free version which runs an adbar at the top, but using fullscreen removes everything except the address bar. Also you get gestures, which I find very useful for navigating.

edit: opera love starts on page 2.

ichinin
03-08-04, 17:53
You have a link where they say they are hiring ex-criminals who were convicted for security offenses? I had a look at the site and it seems to say the reverse.

They don't say that. Do you know that Alan Turing was gay? (Brilliant guy who worked at Bletchley Park during WW2), at that time, it was the equivalent of being "Black hat" - you are shunned from community because of something you do for yourself that some people think is below their morale.

Personally, i use 2 descriptions instead of "White/Black hats":

- Security researcher
vs
- Criminal

I've met one of the latter, it took him ~20 seconds to sit down at an SGI workstation and was already poking around on /etc/shadow when we were on a visit to some GFX studio. Hopeless people..

Besides, anyone can label him/herself a white/blackhat. Your actions determine who you are (Like SoulLight). And it's also a matter of someone's opinion if you "are" blackhat or not. Crime doesn't have anything to do with it, people label you if you write as much as a simple portscanner. Most do it to boost their own standing.

I know an antivirus guy here in Sweden (lets call him PH) who said that "l0pht write viruses" and thereby labeled them as "blackhats". PH is one of those "Well, someone said so, so it must be true" persons. Doesn't matter; L0pht became @stake and have a good standing in the computer business, he is just a small time column writer that lost mine and a lot of others' respect that day.

Btw: I dont wear hats.

athon
03-08-04, 18:09
<ignore me pls>

Archeus
03-08-04, 18:11
They don't say that. Do you know that Alan Turing was gay? (Brilliant guy who worked at Bletchley Park during WW2), at that time, it was the equivalent of being "Black hat"

Except that he wasn't "out" as such. When it was made public it destroyed his career. You're basing your argument on something that happened over 50 years ago. Anything more recent? Also if you were to compare it to an incident today, it would be like someone being found out they were doing criminal activities while working for gchq. What do you think would happen to them?



I've met one of the latter, it took him ~20 seconds to sit down at an SGI workstation and was already poking around on /etc/shadow when we were on a visit to some GFX studio. Hopeless people..

Intelligent Criminal != all criminals are intelligent.


Crime doesn't have anything to do with it, people label you if you write as much as a simple portscanner. Most do it to boost their own standing.

I am not talking about writing a portscanner. It certainly isn't a criminal offense. How about a person who writes a program that allows them to break into servers and then steal information without the owner's permission and knowledge. Are you going to trust a person who has been convicted of such a crime to work on your security systems?

ichinin
03-08-04, 20:39
You don't get it, do you... Ignore list updated.

Celt
03-08-04, 21:27
Correct, I know of numerous machines running Firefox not having problems. ergo. The problem is with you or your machine. Trying to figure out what the problem is (translation: Assuming you're not FOS) the reply I get back is "Haha I was right, you were wrong".

But keep living in that world where you think you're right.
First you blamed it on being an older version

Then you blamed it on being an older version of acrobat

When both were shown to be BS, you blamed my PC.

I have 3 machines running IE that have never been exploited/hacked/etc, ergo the problem for the millions who do, is THEIR MACHINES FAULT!.

Grow up, for an adult you really need to.