[Seguridad] New Information on Configuration Changes for Internet Explorer and ADODB.stream

03/07/2004 - 04:09 por Enrique [MVP Windows] | Informe spam

Summary:
=On Friday, July 2, 2004, Microsoft is releasing a configuration
change for Windows XP, Windows 2000, and Windows Server 2003, to
address recent malicious attacks against Internet Explorer, also
know as Download.Ject. More information is available at
www.microsoft.com/presspass.

Windows customers are encouraged to apply this configuration change
immediately to help be protected from current Internet Explorer
exploits. The update is available on Windows Update.


Microsoft's guidance for consumers and enterprises is as follows:

Guidance for Consumers:
=
The configuration change will be delivered automatically for
customers that have enabled automatic updates from Windows
Update. The configuration change can also be obtained by
manually visiting the Windows Update site at
http://windowsupdate.microsoft.com .

Guidance for Enterprise customers:

Enterprise customers are encouraged to review a Knowledge Base
article for guidance on how to deploy the configuration change
across their networks. The Knowledge Base article can be
found at:

http://support.microsoft.com/default.aspx?kbid‡0669

Enterprise customers can also download the configuration
change from Microsoft's download center at:

http://download.microsoft.com

* Customers who have installed Windows XP SP2 RC2 are already
protected from the Download.Ject exploit and do not need the
update.

* This configuration change is a defense in depth measure which
disables an ActiveX control known as adodb.stream. Disallowing
this functionality prevents an attacker from placing malicious
code on a PC hard drive and will prevent the Download.Ject attack.

* Customers can get more information about the Download.Ject attack,
how to be protected and how to get cleaned in the event of
infection at:

http://www.microsoft.com/security/i..._ject.mspx .


Support:
=Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with this update.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common...ional.aspx

Additional Resources:
==* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/se...fault.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/se...wdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************




Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
ekort@ESTONOVALEhotmail.com

Normas de conducta de los grupos de noticias:
http://support.microsoft.com/defaul...newsreglas
http://www.microsoft.com/communitie...fault.mspx

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.
This posting is provided "AS IS" with no warranties, and confers no rights.

Preguntas similare

Leer las respuestas

#1 noSign
03/07/2004 - 10:28 | Informe spam
guardar el texto como ADODB.stream-kill-bit.reg y activarlo despues (doble clic)


(copiar y pegarlo en notepad por ejemplo)





REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-0AA006D2EA4}]
"Compatibility Flags"=dword:00000400
Respuesta Responder a este mensaje
#2 noSign
03/07/2004 - 10:28 | Informe spam
guardar el texto como ADODB.stream-kill-bit.reg y activarlo despues (doble clic)


(copiar y pegarlo en notepad por ejemplo)





REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-0AA006D2EA4}]
"Compatibility Flags"=dword:00000400
Respuesta Responder a este mensaje
#3 noSign
03/07/2004 - 10:28 | Informe spam
guardar el texto como ADODB.stream-kill-bit.reg y activarlo despues (doble clic)


(copiar y pegarlo en notepad por ejemplo)





REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-0AA006D2EA4}]
"Compatibility Flags"=dword:00000400
Respuesta Responder a este mensaje
#4 milon
03/07/2004 - 10:31 | Informe spam
Hash: SHA1

Fecha: Sat, 3 Jul 2004 10:28:09 +0200
Quien: noSign
Asunto: Re: [Seguridad] New Information on Configuration Changes for Internet Explorer and ADODB.stream
Message-ID:

Hola noSign:

No creo que haga falta. En el WindowsUpdate ya hay el parche que corrige
los fallos del ADODB.Stream.

Por lo tanto, eso dicen, que ya se arregla sin problemas ;-)

Slds...
ICQ: 117844560 Milon. Miembro del grupo A.H.E.
Linux User: #206958 milon AT hackindex DOT com
milon AT hackindex DOT org PGP Key: 0xFD913988 0xD522C952

Respuesta Responder a este mensaje
#5 milon
03/07/2004 - 10:31 | Informe spam
Hash: SHA1

Fecha: Sat, 3 Jul 2004 10:28:09 +0200
Quien: noSign
Asunto: Re: [Seguridad] New Information on Configuration Changes for Internet Explorer and ADODB.stream
Message-ID:

Hola noSign:

No creo que haga falta. En el WindowsUpdate ya hay el parche que corrige
los fallos del ADODB.Stream.

Por lo tanto, eso dicen, que ya se arregla sin problemas ;-)

Slds...
ICQ: 117844560 Milon. Miembro del grupo A.H.E.
Linux User: #206958 milon AT hackindex DOT com
milon AT hackindex DOT org PGP Key: 0xFD913988 0xD522C952

Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaSiguiente Respuesta Tengo una respuesta
Search Busqueda sugerida