Microsoft: Out-of-Cycle Security Patch Coming - WinPlanet Windows Software Reviews

You are in the: Small Business Computing Channel

ť ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It

Power Search | Tips

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Enter a keyword

Newsletters offering Windows news, articles, tips and reviews.

Partners & Affiliates

Small Business Computing

Ecommerce Guide

Webopedia

WinPlanet

WinPlanet / News

Download of the day

• Internet Explorer 8

Most Popular Software Downloads

• Opera

• Internet Explorer 7

• QuickTime for Windows

• Winamp

• Mozilla Firefox 3

• Ad-Aware 2008 Free

• Adobe Flash Player

• Paint Shop Pro

• Adobe Shockwave Player

• AVG Anti-Virus Free

• 7-Zip

Most Popular Software Articles

• Windows Vista Tips & Tricks, Part 1

• Windows Vista: Worthy of the Hype?

• Windows Wireless Zero Configuration: Five Steps to Sanity

Software Reviews

Microsoft: Out-of-Cycle Security Patch Coming
Patch Will Fix Download.Ject Flaw
Ryan Naraine

Microsoft plans to release an out-of-cycle security patch next week to fix a software flaw that led to the sophisticated Download.Ject malware attack, company officials disclosed on Wednesday.

The company will release the patch, which is currently being tested, next week as a "critical" security update to provide a "long-term solution to the core vulnerability" that led to the Download.Ject attack.

Dean Hachamovitch, Microsoft group product manager for Internet Explorer, made the announcement, saying the patch would cover versions 5.01, 5.5, and 6.0 of Internet Explorer.

The software giant has already released a Trojan detection and removal tool to help PC users clean up after the attack, which targeted well-known software flaws to install keystroke loggers and other malicious code on infected systems.

The 118 KB removal tool is programmed to remove the payload delivered by the server-side Download.Ject Trojan. The Trojan, also known as Scob, exploited vulnerabilities in Microsoft's IIS 5.0 servers and IE to distribute malware programs. It started spreading late last month after unknown attackers uploaded a small file with JavaScript to infected web sites running Microsoft IIS 5.0 servers.

A user visiting an infected site with IE automatically became infected with the JavaScript, which triggered a download from a Russian web site. The download included Trojan horse programs like keystroke loggers, proxy servers, and other back doors providing full access to the infected system.

In addition to the Trojan detection and removal tool, Microsoft issued a slew of Windows configuration changes aimed at thwarting the Download.Ject attack. Hachamovitch said that those changes did not provide a complete fix to the core vulnerability.

"Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," Hachamovitch said.

Microsoft is also testing a clean-up tool for the latest mutant of the MyDoom virus that started squirming through major search engines earlier this week. The virus has been programmed to launch of distributed Denial of Service attacks against the Microsoft.com home page.

When it's released, the tool will be available for download here.

News courtesy of internetnews.com

July 29, 2004

Download IE Security Patches Now!

Download Windows XP SP2 RC2 Now!

View All Microsoft Service Packs

Contents:
1. Patch Will Fix Download.Ject Flaw

Additional Articles:

Malware Hacker Attack Linked to Spammers

Malware Attack Thwarted, But Danger Lurks

US Gov: Beware of IE

Microsoft Issues Security Update for Trojan

Another IE Flaw in the Wild?

Microsoft Faces Angry IE Users' Questions

Microsoft Releases New Tool to Zap Download.Ject

'Critical' IE Patch Released

MS Patch Barrage Comes with IE Fix

'Drag-and-Drop' IE Flaw Persists

MS Patches IFRAME Vulnerability Out of Cycle

Microsoft Patches Three Holes, Offers Removal Tool

Microsoft Patch Day Plugs 3

Microsoft Patches 3 Critical Flaws

IE Workarounds for New Zero Day Exploit

Unpatched IE Flaw Now Exploitable

Microsoft Going Critical on Tuesday

Microsoft Crafts Critical Patches

Microsoft Warns on Windows, IE Flaws

Microsoft Patches IE, Windows, Office

Microsoft's Patch of a Patch Will Be Late

Latest IE Zero Day Has XML Designs

IE Vulnerability Spreads to Email

IE VML Exploit Growing in Severity

VML Exploit Patched, Questions Remain

PowerPoint, IE Hit by New Zero-Day Flaws

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook Intel Go Parallel Article: Getting Started with TBB on Windows Microsoft Article: 7.0, Microsoft's Lucky Version?		Intel Go Parallel Article: Intel Threading Tools and OpenMP HP eBook: Storage Networking , Part 1 Avaya Article: Speech Sandbox: Application Simulation in Avaya Dialog Designer MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
HP Video: StorageWorks EVA4400 and Oracle HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind		MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook		Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
Featured Algorithm: Intel Threading Building Blocks - parallel_reduce Silverlight 2 App and Walkthrough: Leverage Silverlight 2 with SQL Server and XML		HP Demo: StorageWorks EVA4400 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES