Guest wsxedcrfv

New IE6-SP1 vulnerability

It's actually not IE tied to Windows, it's the other way around, but yeah - it raises the attack surface. They're finally getting away from it with IE8 and Win7, but that doesn't help folks using older OSes for sure.

I definitely don't use IE6 as an internet browser anymore, but what else should us Win98 users with IE6 do?

I have set IE6's security level to HIGH. Is that enough?

> I definitely don't use IE6 as an internet browser anymore, but what else should us Win98 users with IE6 do?
>
> I have set IE6's security level to HIGH. Is that enough?

I don't think there's a definitive answer for you. I've read the exploit makes use of JavaScript; I'd personally disable that in IE too.

Microsoft have released a patch that adds DEP to Internet Explorer 6 for Win 2000/XP. I wonder if it can be made to work on Win9x.

http://support.microsoft.com/kb/979352

We have also created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer. You do not need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts-in to DEP by default on these platforms.

> Microsoft have released a patch that adds DEP to Internet Explorer 6 for Win 2000/XP. I wonder if it can be made to work on Win9x.
>
> http://support.microsoft.com/kb/979352
>
> We have also created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer. You do not need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts-in to DEP by default on these platforms.

DEP requires PAE (Page Address Extensions) which is not available for Windows 9X.

Guest wsxedcrfv
I didn't realise PAE was part of Win2k

Only win-2K advanced server and datacenter server are mentioned here:

http://support.microsoft.com/kb/283037/

http://msdn.microsoft.com/en-us/library/aa366796(VS.85).aspx

http://support.microsoft.com/default.aspx?...kb;EN-US;268363

Note that win-2k is not mentioned in the following:

-----------

http://www.microsoft.com/whdc/system/platf...PAE/PAEdrv.mspx

Although support for PAE memory is typically associated with support for more than 4 GB of RAM, PAE can be enabled on Windows XP SP2, Windows Server 2003, and later 32-bit versions of Windows to support hardware enforced Data Execution Prevention (DEP).

-----------

If DEP requires PAE on 32-bit OS's (which seems to be the case) and if the plain vanilla versions of win-2k do not support PAE, then they also can't support DEP - unless Microsoft releases some sort of appropriate (and rather sophisticated) patch for win-2K?

> I didn't realise PAE was part of Win2k
>
> Only win-2K advanced server and datacenter server are mentioned here:
>
> http://support.microsoft.com/kb/283037/
>
> http://msdn.microsoft.com/en-us/library/aa366796(VS.85).aspx
>
> http://support.microsoft.com/default.aspx?...kb;EN-US;268363
>
> Note that win-2k is not mentioned in the following:
>
> -----------
>
> http://www.microsoft.com/whdc/system/platf...PAE/PAEdrv.mspx
>
> Although support for PAE memory is typically associated with support for more than 4 GB of RAM, PAE can be enabled on Windows XP SP2, Windows Server 2003, and later 32-bit versions of Windows to support hardware enforced Data Execution Prevention (DEP).
>
> -----------
>
> If DEP requires PAE on 32-bit OS's (which seems to be the case) and if the plain vanilla versions of win-2k do not support PAE, then they also can't support DEP - unless Microsoft releases some sort of appropriate (and rather sophisticated) patch for win-2K?

The page pointed to by your last link mentions Windows 2000 more than once. They just didn't include it in their list of Maximum RAM capabilities.

They also say that DEP automatically activates PAE.

The only alternative to DEP is limiting the Code Segment, but this would make DLLs not executable. So it is not a solution.

> I definitely don't use IE6 as an internet browser anymore, but what else should us Win98 users with IE6 do?

As long as IE resides on your system, you are generally vulnerable to all its attack points, even if you never use it to browse. (The same goes for other MS programs that have similar vulnerabilities, such as Outlook Express).

If safety is your highest concern, you should remove the app and use a third party product for browsing, mail, etc.

http://www.microsoft.com/downloads/details...05-7d5370263c1b

Here it is (for Win 2K SP4). I hope its contents are compatible.

BTW, you might be interested to know this exploit was reported to MS in September 2009:

http://news.cnet.com/8301-27080_3-10439004-245.html

"When the attack discussed in Security Advisory 979352 was first brought to our attention on January 11, we quickly released an advisory for customers two days later," he wrote. "As part of that investigation, we also determined that the vulnerability was the same as a vulnerability responsibly reported to us and confirmed in early September."
Edited by Steven W

DEP (+ implicitly PAE) is only available to modern Intel [P4 + all multi-core] + AMD CPUs.

DEP capabilities have been enabled by MS only into XP SP2, XP SP3 and newer Windows OSes: 2003 SP1 (and newer), Vista, 2008 + 7.

To Execute or not to Execute:

http://en.wikipedia.org/wiki/Executable_space_protection

PAE:

http://en.wikipedia.org/wiki/Physical_Address_Extension

How to enable DEP on MS OSes:

http://support.microsoft.com/kb/875352

More details:

http://blogs.zdnet.com/Ou/?p=150

HTH

Guest wsxedcrfv

Was the Win-2K patch for KB978207 supposed to implement or activate DEP on that OS? Did it?

> Was the Win-2K patch for KB978207 supposed to implement or activate DEP on that OS? Did it?

No, Windows 2000 never had those functions implemented, and is not DEP aware. And this mere Internet Explorer patch (which installs only web browser files) cannot do that. :rolleyes: DEP support requires dedicated code built into OS core files, like ntoskrnl.exe and similar.

DEP was enabled beginning with WinXP SP2 (and onwards).

MS never released a Win2000 SP5, therefore this will never happen. Support cycle expired for Win2K OS patches, only critical security patches are now released, and only until July 2010, when the entire Win2000 OS reaches the end of "extended" support period.

http://support.microsoft.com/lifecycle/

But Win2000 is "PAE" enabled (in SP4 anyway), so one can use that parameter in BOOT.INI [ /PAE], to take advantage of computers (sort of) with more than 4 GB RAM (Intel address extensions), even if the OS is 32-bit.

http://www.microsoft.com/whdc/system/platf...pae/paedrv.mspx

BOOT.INI params:

http://web.archive.org/web/20080105023918r...s/bb963892.aspx

And fyi just in case you're asking, none of the 9x OSes [Win95/98/ME] have code for any of these functions.

HTH
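
The BOOT.INI switches mentioned in the post above can be checked per boot entry. The following is an added example, not part of the original posts or of any Microsoft tool: a Python audit that reads the `[operating systems]` section and reports the `/PAE` switch and the `/noexecute` policy level (levels as documented in KB875352). The function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample BOOT.INI for illustration (not taken from the thread).
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP, DEP off" /fastdetect /noexecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect /PAE
"""

# /noexecute policy levels as documented in KB875352.
DEP_POLICIES = {"optin", "optout", "alwayson", "alwaysoff"}

def parse_boot_entries(text):
    """Return one dict per [operating systems] line: name plus lower-cased switches."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        entry = re.match(r'[^=]+=\s*"([^"]*)"(.*)', line)
        if section != "operating systems" or not entry:
            continue
        switches = {}
        for sw in re.findall(r"/(\S+)", entry.group(2)):
            key, _, value = sw.partition("=")
            switches[key.lower()] = value.lower()
        entries.append({"name": entry.group(1), "switches": switches})
    return entries

def audit_entry(entry):
    """Summarise the DEP and PAE switches of one entry; flag it when DEP is off or unset."""
    policy = entry["switches"].get("noexecute")
    return {
        "name": entry["name"],
        "dep_policy": policy if policy in DEP_POLICIES else None,
        "pae_switch": "pae" in entry["switches"],
        "needs_review": policy not in DEP_POLICIES - {"alwaysoff"},
    }

def audit(text):
    return [audit_entry(e) for e in parse_boot_entries(text)]

if __name__ == "__main__":
    for row in audit(SAMPLE_BOOT_INI):
        print(row)
```

An entry flagged `needs_review` either sets `/noexecute=AlwaysOff` or carries no `/noexecute` switch at all, as with the constructed Windows 2000 entry that has only `/PAE`.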

Also, at least until the MS guys don't find it and delete it as they did for the original page:

http://technet.microsoft.com/en-us/sysinte...s/bb963892.aspx

however still listed on the "index" page here:

http://technet.microsoft.com/en-us/sysinte...s/bb469934.aspx

(which redirects to the Sysinternals homepage)

can still be found here:

http://www.microsoft.com/taiwan/technet/sy...on/bootini.mspx

This is supposedly the new page:

http://msdn.microsoft.com/en-us/library/ms791480.aspx

I guess the good MS guys should really put together their act, and either leave things where they are or, if moving them, link to the new place where they moved them. :whistle:

jaclaz

Edited by jaclaz
