NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 2004-q3

Microsoft disables ADODB.Stream

From: Thor Larholm (thorPIVX.COM)
Date: Fri Jul 02 2004 - 10:39:55 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you are curious about what this configuration change might be, it is a
registry entry that sets the killbit on the ADODB.Stream ActiveX object. There
is a Knowledge Base article detailing how to manually implement this change and
there is a Critical Update available for download that accomplishes the same.

How to disable the ADODB.Stream object from Internet Explorer
http://support.microsoft.com/?kbid=870669

Critical Update for Microsoft Data Access Components - Disable ADODB.Stream
object from Internet Explorer (KB870669)
http://www.microsoft.com/downloads/details.aspx?FamilyID=4D056748-C538-46F6-B7C8-2FBFD0D237E3&DisplayLang=en

What You Should Know About Download.Ject
http://www.microsoft.com/security/incident/download_ject.mspx

Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
23 Corporate Plaza #280
Newport Beach, CA 92660
http://www.pivx.com
thorpivx.com
Stock symbol: (PIVX.OB)
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines a new genre in Desktop Security: Proactive Threat Mitigation.
<http://www.pivx.com/qwikfix>

----- Original Message -----
From: "Paul Marsh" <pmarshnmefdn.org>
To: "General DShield Discussion List" <listlists.dshield.org>
Sent: Friday, July 02, 2004 6:29 AM
Subject: [Dshield] Microsoft Statement Download.Ject Security Issue

>
> Microsoft Statement Regarding Configuration Change to Windows in
> Response to Download.Ject Security Issue
> http://www.microsoft.com/presspass/press/2004/jul04/07-02configchange.as
> p
> _______________________________________________
> list mailing list
> listlists.dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>
>

-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]