Fix a Microsoft Vulnerability

Try this experiment: Click on the simple test created by greymagic.com. If a calculator pops up, you have a problem: your computer is configured to allow web sites to run programs on your machine … without using Active X, which is usually the culprit for such security holes.

If the calculator didn't pop up, you can congratulate yourself, you're probably running Unix, a Mac, using Firefox, or all at once. If you're just using Firefox on a windows machine, you might want to open up IE and try it again, just to be safe.

If you want to understand the problem a bit better there's a sort of explanation at DSO Exploit – Executing programs without Scripting or ActiveX.

If you are (justifiably) nervous about running a self-described exploit on your machine, and thus don't want to click the link above, you can download and run Spybot, which will tell you if you have the vulnerability (and check for many others as well).

How do you fix the problem? That's a little complicated as it may require you edit your registry settings (I'm unclear if Spybot actually fixes the problem or not). Instructions on doing this can be found at the link to DSO Exploit – Executing programs without Scripting or ActiveX.

This entry was posted in Software. Bookmark the permalink.

12 Responses to Fix a Microsoft Vulnerability

  1. Mojo says:

    Netscape handled it with no problem. With IE, Norton Antivirus stepped in. Even Windows can sometimes work if you put lots of bandaids on it.

  2. I have no mac, no unix, no firefox, still didn’t pop up the calculator with IE. Do I still get to congratulate myself? God knows I’ll take what I can get in that department.

  3. Ed Bott says:

    Michael,

    I write about Windows and Windows security for a living. This particular security advisory was from February 2002. It has long since been corrected. Any Windows user who is up to date with security patches – a procedure that is required with ALL operating systems, including the Mac OS and all variants of Linux – is protected from this.

    It’s also one of the least problematic security issues I know. An attacker who successfully exploited this issue on an unpatched machine could not plant a program on your computer or execute a program from another location. He could only run an existing program on your PC, and then only if he knows the exact location of that program on your PC. It was an interesting proof of concept but it required a lot more work before it could be used for a hostile action.

    On March 28, 2002, Microsoft published Security Bulletin MS02-015, which publicly addressed the problem:
    http://www.microsoft.com/technet/security/…n/MS02-015.mspx

    A fix was included in Internet Explorer Security Update, March 28, 2002:
    http://www.microsoft.com/windows/ie/downlo…182/default.asp

    This fix is included in Windows XP with Service Pack 1 or later.

    Best regards,

    Ed Bott
    Author
    Windows XP Inside Out
    Windows Security Inside Out

  4. Pingback: Ed Bott - Windows (and Office) Expertise

  5. Pingback: Ed Bott - Windows (and Office) Expertise

  6. Ed Bott says:

    Apologies… The link in my earlier comment was truncated. The full link to the Microsoft Security Bulletin is here:

    http://www.microsoft.com/technet/security/bulletin/MS02-015.mspx

  7. Michael says:

    Ed – Thank you for the correction (why does blogging remind me of the old USENET line that “the fastest way to get correct information is to post mis-information”?).

    Assuming you are right, that means there’s an error in Spybot, as I have win xp fully patched running on this machine and it not only says I have the problem, it says it even after I tweaked the registry….

  8. Ed Bott says:

    It is indeed an error in Spybot S&D. I discuss this error in a new post at my blog.

    http://www.edbott.com/weblog/archives/000262.html

    Ed

  9. Pingback: Ed Bott - Windows (and Office) Expertise

  10. talkleft says:

    Great (sarcasm)–I clicked and McCaffee popped up and said there’s a trojan virus in the file. Now it’s scanning my entire computer. Has this happened to anyone else? I think you should dump this link.

  11. Ed Bott says:

    That’s not a virus. It’s a demonstration file that ACTS like a security exploit (which ccould be used to spread a virus but in this case is only opening a demonstration file). Your AV software has no way of knowing that the link you clicked is benign and has no hostile payload, so it does the sensible thing and tries to block it.

    If that’s all you did, you have nothing to worry about.

  12. Pete Henry says:

    Iunderstand. Unfortunately when Norton caught it, it sent an email message to the IS security folks, and now they’ve written a trouble ticket to “get rid of the virus I downloaded.”

    —–

Comments are closed.