« Morrison, Colorado | Main | J3nn1f3r »

March 28, 2006

Microsoft hangs people out to dry with Zero Day exploit

There's another reported security flaw in IE, and a wave of Zero Day Attacks underway. Predictably, Microsoft won't ship a patch any time soon, so I'm installing a temporary fix created by eEye Digital Security.

“This is a critical vulnerability that needs to be addressed immediately and, in the interests of our customers, we made the decision to release a temporary patch..." [snip] Maiffret continued, “eEye’s patch is not meant to replace the forthcoming Microsoft patch, but to provide immediate protection in lieu of an available fix. In fact, eEye has engineered the patch to automatically remove itself when Microsoft’s official patch comes through.”

However, this web page says something very different:

Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. Please note that at this time this workaround only supports Windows NT, Windows 2000, Windows XP, and Windows 2003 and is fully removable.

So...what's...uh...the deal?

I went here and downloaded version 1.0.1 of the patch (JScriptPatchSetup101.exe.)

I ran the .exe and chose Option 3 (apply temporary patch). Among the notes and warnings it displays the following:

  • This patch is a temporary fix and should be removed before the official Microsoft patch is installed.
  • This patch includes a checker that will uninstall itself when it detects a Microsoft patch has been installed. To disable the checker, run the installation with this command line (command is case-sensitive): JSCriptPatchSetup.exe NOCHECKER=1

After I ran it, I got a message that the patch had been successfully installed. Then, my Windows AntiSpyware Beta program gave me a nag and I said to allow the change. So, in theory, I'm protected, right? I don't use IE anyway, so it's not like it really matters.

Technorati tags:
Delicious tags:

Folksonomy:These icons link to social bookmarking sites where readers can share web pages.
digg  Furl  Spurl  Reddit  blinkbits  BlinkList  blogmarks  connotea  De.lirio.us  Fark  feedmelinks  LinkaGoGo  Ma.gnolia  NewsVine  Netvouz  RawSugar  scuttle  Shadows  Simpy  Smarking  TailRank  Wists  YahooMyWeb

Posted by Peenie Wallie on March 28, 2006 at 09:43 PM


Post a comment

Remember Me?

(you may use HTML tags for style)