Microsoft to ship emergency IE, Visual Studio patches - DiscussWorldIssues - Socio-Economic Religion and Political Uncensored Debate

**bestworkother** · 07-28-2009, 03:52 PM

Microsoft to ship emergency IE, Visual Studio patches

Less than a month after a first pass at patching a troublesome flaw affecting its dominant Internet Explorer browser, Microsoft has announced plans to release two emergency updates with a comprehensive fix for the problem.

The unusual move comes on the heels of a bombshell blog post by reverse engineering specialist Halvar Flake that the original IE kill-bit fix was “insufficient” and that Microsoft “might have accidentally introduced security vulnerabilities into third-party products.”

Microsoft declined to discuss specifics of the emergency patches until tomorrow (July 28, 2009) but a source tells me that it is directly linked to the Microsoft Video ActiveX Control (msvidctl.dll) issue that was being exploited in the wild.

Tomorrow’s out-of-band updates will address:

* One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications.
* The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.

Interestingly, the issue of using kill-bits to secure IE from ActiveX control vulnerabilities will take center stage at the Black Hat security conference this year. IBM X-Force researcher Mark Dowd will show how these kill-bits can be bypassed [video demo] to launch code execution attacks.

http://blogs.zdnet.com/security/?p=3803&tag=nl.e019#

**Duseshoug** · 07-28-2009, 04:01 PM

THAT is why I use Firefox and Thunderbird! The folks in Redmond will throw out anything they can to make it look like they are doing something good.

Thanx for the post Nline!

**Keyblctt** · 07-28-2009, 04:09 PM

I'll be down for any updates, although no problems with IE8 thus far... not one. I even have JillyB using IE8 and she's now on the Mac team at work... lol. No worries, she'll always be a PC girl at heart.

**Flalafuse** · 07-29-2009, 04:04 AM

I'll be down for any updates, although no problems with IE8 thus far... not one. I even have JillyB using IE8 and she's now on the Mac team at work... lol. No worries, she'll always be a PC girl at heart.

SHUT IT!

He wont let me buy a MAC

I dunno why but I really really like them.

On a side note, I dont only support Macintosh, I support PC's...and let me tell you, the latest update of IE8 has caused a route issue...not certain why that is. Customer can still ping by site name and by site IP in the cmd prompt but they CANNOT get a website in the browser.

Nline, do you know what option changed that would cause a customer to have this issue? We tried system restore to an earlier date, all that did was cause IE8 to not open at all.

**StoyaFanst** · 07-29-2009, 04:04 AM

AND BTW, I HATE IE8....I love me some firefox.

**tyclislavaify** · 07-29-2009, 04:06 AM

AND BTW, I HATE IE8....I love me some firefox.

i used firefox until it got to where it froze the computer. i did an uninstall/reinstall and it still didn't fix it

**Equackasous** · 07-29-2009, 04:15 AM

i used firefox until it got to where it froze the computer. i did an uninstall/reinstall and it still didn't fix it

hrm...get a new computer

(I mean, isn't this the fix-for-all?)

**elossenen** · 07-29-2009, 04:40 AM

SHUT IT!

He wont let me buy a MAC I dunno why but I really really like them.

On a side note, I dont only support Macintosh, I support PC's...and let me tell you, the latest update of IE8 has caused a route issue...not certain why that is. Customer can still ping by site name and by site IP in the cmd prompt but they CANNOT get a website in the browser.

Nline, do you know what option changed that would cause a customer to have this issue? We tried system restore to an earlier date, all that did was cause IE8 to not open at all.

What are they getting? An error message? Hang? IE8 has compatibility modes and add ons that can lock up. Also Google toolbar has had some issues with IE8. It sucks.

**iioijjjkkojhbb** · 07-29-2009, 04:46 AM

dude, that was last week and I've had so many customers since then I cant remember BUT if I remember correctly, they were just getting "Page cannot be displayed" on every page.

**MondayBlues** · 07-29-2009, 04:53 AM

Blocked ports? Xp firewall was probably misconfigured.

**Almolfuncomma** · 07-29-2009, 04:55 AM

I know we turned off the firewall settings for IE, made sure there were no proxies configured and I dont know how you check any port settings (I'm a retard)

**Breeriacoirl** · 07-29-2009, 05:08 AM

You'd have to install a port sniffer program like wireshark to test that. Any number of problems could be the cause of this. Most likely NOT related to IE8. This sounds like spyware. Something hooked into the win sockets stack. A rootkit.

**Carol** · 07-29-2009, 05:09 AM

didnt even think about that. Felt sorry for the guy, had to tell him, "i think its time to call dell support" or bust out your XP cd and see if you can reinstall IE.

**unioneserry** · 07-29-2009, 05:19 AM

Chances are he got infected. His AV program found part of it and remove it but as it had modified his winsock stack it left him unable to connect.

**VYholden** · 07-29-2009, 05:24 AM

hmmm....ok, interesting. YOU KNOW WHAT, OMG...yeah, he kept telling me that he had this thing popping up with the Dr Watson..or something like that...on it and it wouldnt go away.

**CowextetleSix** · 07-29-2009, 04:10 PM

Spyware will do it every time. On top of all of this, I refuse to install add-ons to IE8, such as the Google toolbar. It adds a lot of room for disaster. Sometimes reconfiguration is the best method to solve these little annoying problems.

**Finkevannon** · 08-04-2009, 04:57 AM

You know when I read stuff like this...it makes me even happier that I switched to Mac 3 years ago.

Just warms my little heart.

**Nothatspecial** · 08-04-2009, 05:29 AM

You know when I read stuff like this...it makes me even happier that I switched to Mac 3 years ago.

Just warms my little heart.

Don't be so secure. I'll have to find the link but a security bulletin was issued about an extremely serious hole that allows a website to pwnd a mac in under 5 seconds.

**Teareerah** · 08-04-2009, 05:33 AM

http://www.pcworld.com/article/16153...ml?tk=rss_news

**NKUDirectory** · 08-04-2009, 04:43 PM

SHUT IT!

He wont let me buy a MAC I dunno why but I really really like them.

On a side note, I dont only support Macintosh, I support PC's...and let me tell you, the latest update of IE8 has caused a route issue...not certain why that is. Customer can still ping by site name and by site IP in the cmd prompt but they CANNOT get a website in the browser.

Nline, do you know what option changed that would cause a customer to have this issue? We tried system restore to an earlier date, all that did was cause IE8 to not open at all.

Why would you want a mac? its just like a pc except it crashes more is incompatible with more devices and best of all costs about twice as much for the same product with little to no upgrade capabilities

07-28-2009, 03:52 PM	#1
bestworkother Join Date Oct 2005 Posts 505 Senior Member	Microsoft to ship emergency IE, Visual Studio patches Microsoft to ship emergency IE, Visual Studio patches Less than a month after a first pass at patching a troublesome flaw affecting its dominant Internet Explorer browser, Microsoft has announced plans to release two emergency updates with a comprehensive fix for the problem. The unusual move comes on the heels of a bombshell blog post by reverse engineering specialist Halvar Flake that the original IE kill-bit fix was “insufficient” and that Microsoft “might have accidentally introduced security vulnerabilities into third-party products.” Microsoft declined to discuss specifics of the emergency patches until tomorrow (July 28, 2009) but a source tells me that it is directly linked to the Microsoft Video ActiveX Control (msvidctl.dll) issue that was being exploited in the wild. Tomorrow’s out-of-band updates will address: * One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. * The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Interestingly, the issue of using kill-bits to secure IE from ActiveX control vulnerabilities will take center stage at the Black Hat security conference this year. IBM X-Force researcher Mark Dowd will show how these kill-bits can be bypassed [video demo] to launch code execution attacks. http://blogs.zdnet.com/security/?p=3803&tag=nl.e019# Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-28-2009, 04:01 PM	#2
Duseshoug Join Date Oct 2005 Posts 322 Senior Member	THAT is why I use Firefox and Thunderbird! The folks in Redmond will throw out anything they can to make it look like they are doing something good. Thanx for the post Nline! Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-28-2009, 04:09 PM	#3
Keyblctt Join Date Nov 2005 Posts 427 Senior Member	I'll be down for any updates, although no problems with IE8 thus far... not one. I even have JillyB using IE8 and she's now on the Mac team at work... lol. No worries, she'll always be a PC girl at heart. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:04 AM	#4
Flalafuse Join Date Oct 2005 Posts 387 Senior Member	I'll be down for any updates, although no problems with IE8 thus far... not one. I even have JillyB using IE8 and she's now on the Mac team at work... lol. No worries, she'll always be a PC girl at heart. SHUT IT! He wont let me buy a MAC I dunno why but I really really like them. On a side note, I dont only support Macintosh, I support PC's...and let me tell you, the latest update of IE8 has caused a route issue...not certain why that is. Customer can still ping by site name and by site IP in the cmd prompt but they CANNOT get a website in the browser. Nline, do you know what option changed that would cause a customer to have this issue? We tried system restore to an earlier date, all that did was cause IE8 to not open at all. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:04 AM	#5
StoyaFanst Join Date Nov 2005 Posts 341 Senior Member	AND BTW, I HATE IE8....I love me some firefox. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:06 AM	#6
tyclislavaify Join Date Oct 2005 Posts 407 Senior Member	AND BTW, I HATE IE8....I love me some firefox. i used firefox until it got to where it froze the computer. i did an uninstall/reinstall and it still didn't fix it Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:15 AM	#7
Equackasous Join Date Oct 2005 Posts 468 Senior Member	i used firefox until it got to where it froze the computer. i did an uninstall/reinstall and it still didn't fix it hrm...get a new computer (I mean, isn't this the fix-for-all?) Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:40 AM	#8
elossenen Join Date Oct 2005 Posts 410 Senior Member	SHUT IT! He wont let me buy a MAC I dunno why but I really really like them. On a side note, I dont only support Macintosh, I support PC's...and let me tell you, the latest update of IE8 has caused a route issue...not certain why that is. Customer can still ping by site name and by site IP in the cmd prompt but they CANNOT get a website in the browser. Nline, do you know what option changed that would cause a customer to have this issue? We tried system restore to an earlier date, all that did was cause IE8 to not open at all. What are they getting? An error message? Hang? IE8 has compatibility modes and add ons that can lock up. Also Google toolbar has had some issues with IE8. It sucks. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:46 AM	#9
iioijjjkkojhbb Join Date Oct 2005 Posts 375 Senior Member	dude, that was last week and I've had so many customers since then I cant remember BUT if I remember correctly, they were just getting "Page cannot be displayed" on every page. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:53 AM	#10
MondayBlues Join Date Oct 2005 Posts 429 Senior Member	Blocked ports? Xp firewall was probably misconfigured. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 04:55 AM	#11
Almolfuncomma Join Date Oct 2005 Posts 590 Senior Member	I know we turned off the firewall settings for IE, made sure there were no proxies configured and I dont know how you check any port settings (I'm a retard) Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 05:08 AM	#12
Breeriacoirl Join Date Oct 2005 Posts 377 Senior Member	You'd have to install a port sniffer program like wireshark to test that. Any number of problems could be the cause of this. Most likely NOT related to IE8. This sounds like spyware. Something hooked into the win sockets stack. A rootkit. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 05:09 AM	#13
Carol Join Date Oct 2005 Posts 547 Senior Member	didnt even think about that. Felt sorry for the guy, had to tell him, "i think its time to call dell support" or bust out your XP cd and see if you can reinstall IE. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 05:19 AM	#14
unioneserry Join Date Oct 2005 Posts 449 Senior Member	Chances are he got infected. His AV program found part of it and remove it but as it had modified his winsock stack it left him unable to connect. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

07-29-2009, 05:24 AM	#15
VYholden Join Date Oct 2005 Posts 635 Senior Member	hmmm....ok, interesting. YOU KNOW WHAT, OMG...yeah, he kept telling me that he had this thing popping up with the Dr Watson..or something like that...on it and it wouldnt go away. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

07-29-2009, 04:10 PM	#16
CowextetleSix Join Date Oct 2005 Posts 473 Senior Member	Spyware will do it every time. On top of all of this, I refuse to install add-ons to IE8, such as the Google toolbar. It adds a lot of room for disaster. Sometimes reconfiguration is the best method to solve these little annoying problems. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

08-04-2009, 04:57 AM	#17
Finkevannon Join Date Nov 2005 Posts 461 Senior Member	You know when I read stuff like this...it makes me even happier that I switched to Mac 3 years ago. Just warms my little heart. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

08-04-2009, 05:29 AM	#18
Nothatspecial Join Date Oct 2005 Posts 574 Senior Member	You know when I read stuff like this...it makes me even happier that I switched to Mac 3 years ago. Just warms my little heart. Don't be so secure. I'll have to find the link but a security bulletin was issued about an extremely serious hole that allows a website to pwnd a mac in under 5 seconds. Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

08-04-2009, 05:33 AM	#19
Teareerah Join Date Oct 2005 Posts 440 Senior Member	http://www.pcworld.com/article/16153...ml?tk=rss_news Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote

08-04-2009, 04:43 PM	#20
NKUDirectory Join Date Nov 2005 Posts 597 Senior Member	SHUT IT! He wont let me buy a MAC I dunno why but I really really like them. On a side note, I dont only support Macintosh, I support PC's...and let me tell you, the latest update of IE8 has caused a route issue...not certain why that is. Customer can still ping by site name and by site IP in the cmd prompt but they CANNOT get a website in the browser. Nline, do you know what option changed that would cause a customer to have this issue? We tried system restore to an earlier date, all that did was cause IE8 to not open at all. Why would you want a mac? its just like a pc except it crashes more is incompatible with more devices and best of all costs about twice as much for the same product with little to no upgrade capabilities Share Share this post on Digg Del.icio.us Technorati Twitter
	Quote