Another Cumulative Patch for Internet Explorer

[Tom R.]

Title: Cumulative Patch for Internet Explorer Execution (828750)
Date: October 3, 2003
Software:
Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of attacker's choice.
Maximum Severity Rating: Critical
Bulletin: MS03-040

The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-040

What Is It?
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-040 which concerns a vulnerability in Internet Explorer.
Customers are advised to review the information in the bulletin, test and
deploy the patch immediately in their environments, if applicable.

More information is now available at
http://www.microsoft.com/technet/sec...n/MS03-040.asp

The October 2003 Cumulative Patch for Internet Explorer is available via
Windows Update. Please disable your anti-virus application and close all
other running Windows-based processes before going to Windows Update to
download/install this patch.
http://v4.windowsupdate.microsoft.com/en/default.asp

[Robin T Cox]

"Tom R." <tom42344@snotmail.com> wrote in
news:vnte77bmoq1q4d@corp.supernews.com:

> Title: Cumulative Patch for Internet Explorer Execution (828750)
> Date: October 3, 2003
>
I installed this patch today. But even so, with Activex enabled my IE6
still fails the Secunia test:
http://www.secunia.com/MS03-032/

[Roy]

In article <Xns940AA464D2719robin2803@194.168.222.40>, robin2803
@hotmail.com says...

> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/
>

I've always understood that by enabling Activex on a page you were
effectively allowing any code to be run remotely on your PC, so why are
you surprised?

But I'm no expert, so perhaps one of those would care to confirm or deny
that.

Cheers,

Roy

[joebee]

My pc passed with flying colours.
"Robin T Cox" <robin2803@hotmail.com> wrote in message
news:Xns940AA464D2719robin2803@194.168.222.40...
> "Tom R." <tom42344@snotmail.com> wrote in
> news:vnte77bmoq1q4d@corp.supernews.com:
>
> > Title: Cumulative Patch for Internet Explorer Execution (828750)
> > Date: October 3, 2003
> >
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/
>
>
>
>

[Little Johnny]

Mine passed the test.


"Robin T Cox" <robin2803@hotmail.com> wrote in message
news:Xns940AA464D2719robin2803@194.168.222.40...
> "Tom R." <tom42344@snotmail.com> wrote in
> news:vnte77bmoq1q4d@corp.supernews.com:
>
> > Title: Cumulative Patch for Internet Explorer Execution (828750)
> > Date: October 3, 2003
> >
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/
>
>
>
>

[Lance Hill]

"Robin T Cox" <robin2803@hotmail.com> wrote...
> "Tom R." <tom42344@snotmail.com> wrote:
>
> > Title: Cumulative Patch for Internet Explorer Execution (828750)
> > Date: October 3, 2003
> >
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/

The test presented the File Download dialog box with Open, Save and Cancel
buttons.

Since this was a test, I opened it and the resulting page said the dialog
box indicated I was patched with MS03-040 and was not vulnerable.

Lance
*****

[Robin T Cox]

Robin T Cox <robin2803@hotmail.com> wrote in
news:Xns940AA464D2719robin2803@194.168.222.40:

>> Title: Cumulative Patch for Internet Explorer Execution (828750)
>> Date: October 3, 2003
>>
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/

To specify more exactly:

My Activex settings are Prompt/Disable/Disable/Enable/Enable.
When I click the link to perform the test, the grey File Download box pops
up.
When I click Open, Kerio PF kicks in with:
- an Outgoing Connection Alert: C:\windows\mshta.exe ('Microsoft (R) HTML
Application host' from your computer wants to connect to
localhost[127.0.0.1],port 8080)
When I click Deny, Kerio issues:
- another Outgoing Connection Alert, again from mshta.exe, wanting to
connect to 213.150.41.226.port 80
When I click Deny, Kerio issues:
- another Outgoing Connection Alert, from mshta.exe wanting to send UDP
datagram to localhost [127.0.0.1], port 1116
When I click Deny, nothing further happens.

My puzzlement is because, having installed the patch,
- when I did the test I did not expect to get the pop-up File Download box
in the first place
- it seems that, but for Kerio's protection, my system would still be
making unwanted outgoing connections etc.

Or am I getting hold of the wrong end of the stick?

[Robin T Cox]

Robin T Cox <robin2803@hotmail.com> wrote in
news:Xns940B54406300Erobin2803@62.253.162.114:

> My puzzlement is because, having installed the patch,
> - when I did the test I did not expect to get the pop-up File Download
> box in the first place
> - it seems that, but for Kerio's protection, my system would still be
> making unwanted outgoing connections etc.
>
> Or am I getting hold of the wrong end of the stick?
>

OK, it's me getting hold of the wrong end of the stick.
When I allow the outgoing connections, it brings up an IE script error:
click yes/no: yes brings popup blank test.hta, same with no.
So the patch does work.

Thanks all.

[|3iff //ullins]

lucat bene, der "joebee" <joebee@home.com.au> goh, a hunnert truxx
inero, sumwit kowz n' sumwit duxx on Sun, 05 Oct 2003 00:04:22 GMT:

>"Robin T Cox" <robin2803@hotmail.com> wrote in message
>news:Xns940AA464D2719robin2803@194.168.222.40.. .
>> "Tom R." <tom42344@snotmail.com> wrote in
>> news:vnte77bmoq1q4d@corp.supernews.com:
>>
>> > Title: Cumulative Patch for Internet Explorer Execution (828750)
>> > Date: October 3, 2003
>> >
>> I installed this patch today. But even so, with Activex enabled my IE6
>> still fails the Secunia test:
>> http://www.secunia.com/MS03-032/
>>
>My pc passed with flying colours.
>

ditto.
(your top-post has been corrected.)

--
as surreal as it gets.
http://www.nasosov.com

[Roy]

In article <blo12h$egird$1@ID-26139.news.uni-berlin.de>,
lltbhill@earthlink.net says...

> The test presented the File Download dialog box with Open, Save and Cancel
> buttons.
>
> Since this was a test, I opened it and the resulting page said the dialog
> box indicated I was patched with MS03-040 and was not vulnerable.
>

And you enabled Activex for this?

Very brave....

Cheers,

Roy