The Evil Empire
ISSN 1726-5339
November 22, 2004
Tech news website hit by worm
The British tech news website, The Register, was forced to discontinue serving banner ads from third party ad serving company Falk AG on Saturday after some of the ad banners were infected by the Bofra/Iframe exploit. The Bofra worm is one of several that can infect a PC with a single click and exploits a vulnerability in Microsoft's Internet Explorer web browser. More... [Sydney Morning Herald]
Posted by Horst at 09:56 AM
List of vulnerabilities in MS Internet Explorer
Microsoft Internet Explorer 6, with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Extremely critical. This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Currently, 18 out of 69 Secunia advisories are marked as "Unpatched" in the Secunia database. More... [Secunia]
Posted by Horst at 09:49 AM
November 21, 2004
IFRAME Exploit Spreading Through Banner Ads
Banner ads appearing on popular European web sites have been directing traffic to sites that install malware on visitors' computers, according to the Internet Storm Center. The attacks are exploiting an unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag. Users clicking on the banners are being infected with variants of the Bofra worm that has been propagating through e-mail and malicious web sites. Bofra appeared just days after the revelation of the IFRAME vulnerability, which affects Internet Explorer 6 on all Windows platforms except Windows XP Service Pack 2 (SP2). This vulnerability allows attackers to gain complete control of a user's computer. Microsoft has not issued a patch for the Internet Explorer IFRAME hole for users that have yet to install SP2. However, a German security researcher has issued an independent patch, prompting discussion among security vendors about the risks of "unofficial" patches. The ISC recommended that IE6 users who haven't installed the SP2 update "utilize a different web browser until a patch is released by Microsoft." More... [Netcraft]
Posted by Horst at 09:59 AM
November 20, 2004
More Security Holes Found In Internet Explorer 6.0
Three more vulnerabilities in Microsoft's Internet Explorer 6.0 browser were disclosed Wednesday by Danish security vendor Secunia, bringing the total of IE bugs found by the firm in the last two months to an even dozen. Two of the flaws were tagged as "moderately critical" by Secunia, which relayed the warnings from a pair of researchers in an online alert posted to its site. One relates to the Windows XP SP2 feature that warns users when opening certain types of downloaded files, such as .exe files. The second of the pair involves a bug in how some documents are saved using a Javascript function. "A combination of [the] vulnerabilities can be exploited by a malicious Web site to trick a user into downloading a malicious executable file masqueraded as a HTML document," said Secunia in its online advisory. There is no fix for the two IE holes since they can even be exploited on Microsoft's newest edition of IE 6.0, the one delivered with SP2. More... [InformationWeek]
Posted by Horst at 09:52 AM
Bofra/IFrame Exploits on More Web Sites
On October 24, a vulnerability was discovered in the IFRAME tags of Internet Explorer 6.0 affecting all Windows platforms except Windows XP SP2. This vulnerability can be exploited by going to a web-site that has malicious code. Currently, some high profile sites with banner ads are linking to servers that have the exploit and malicious code. There is no patch for this vulnerability! Windows XP SP2 has been reported as not vulnerable. If you are running IE 6, you are highly recommended to utilize a different web-browser until a patch is released by Microsoft. Microsoft has confirmed the vulnerability with media organizations, but is yet to release any statement on their website. More... [SANS]
Posted by Horst at 09:46 AM
November 10, 2004
Microsoft Internet Explorer permits to examine the existence of local files
There is a security bug in Microsoft Internet Explorer which allows checking the existence of local files in system directories. Successful exploitation allows the author of a malicious web site to plan attacks against the target computer. Also, an attacker can use this "feature" to verify the existence of local files. The bug occurs because Microsoft Internet Explorer does not open a window if the target file exists; but it will open a window if the file does not exist. More... [Bugtraq]
Posted by Horst at 09:16 AM
November 09, 2004
New MyDoom draws on IE flaw to spread
A new version of MyDoom uses an unpatched flaw in Microsoft's Internet Explorer to spread, antivirus companies warned on Monday. The recently discovered vulnerability in the browser software allows the offshoot to infect a PC after a user clicks on a link, according to advisories from security software makers Symantec and McAfee. The program sneaks past antivirus applications that detect malicious software by scanning e-mail messages with attached programs. More... [CNet News.com]
Posted by Horst at 12:40 PM
November 06, 2004
YAEIV - Yet another Internet Explorer Vulnerability
Most major security firms are reporting today that a new Internet Explorer (IE) vulnerability has begun circulating. The vulnerability takes advantage of a weakness in the way IE handles the "name" and "src" attributes in IFRAMEs, meaning that merely visiting a webpage could compromise a computer. The vulnerability affects any program using the MSHTML rendering control from Microsoft's Internet Explorer software, including email programs, AOL and Lotus Notes. The bug is especially serious, as working code has been sent to several large mailing lists, resulting in hundreds of attacks in just the last 24 hours. The term YAEIV has begun circulating on security newsletters and discussion groups as a direct result of the sheer number of IE vulnerabilities being reported of late. More... [IT Observer]
Posted by Horst at 10:02 AM
November 04, 2004
Internet Explorer security loophole permits full access
On the Bugtraq security mailing-list an exploit for a hitherto unknown security loophole in Internet Explorer 6.0 has been published with which an intruder could gain full access to the system. Opening an appropriately-rigged document or visiting a doctored Web page will apparently suffice for this to happen. Unlike the case with the many previous loopholes in Microsoft's browser, this time the fault lies with the elementary processing of HTML code. More... [Heise]
Posted by Horst at 09:35 AM
November 03, 2004
IE exploits top web security threat list
Internet Explorer exploits posed the fastest growing web security threat to enterprises in the last quarter, according to web security services firm ScanSafe. The top exploit was used to attack twice as many businesses as any other web security threat in Q2 2004. ScanSafe reckons the many vulnerabilities recently exposed in popular web browsers, such as runaway market leader Internet Explorer, are creating a ready mechanism for crackers to compromise systems simply by conning users into visiting websites hosting malicious content. More... [SecurityFocus]
Posted by Horst at 09:44 PM
November 01, 2004
New URL spoofing bug in Microsoft Internet Explorer
There is a security bug in Internet Explorer 6.0 (fully patched) which allows any faked target address to be shown in the status bar of the window. This is because Microsoft Internet Explorer can't handle links surrounded by a table and another link correctly. The bug can also be exploited using an HTML mail message. More... [Bugtraq]
Posted by Horst at 02:16 PM