Bofra exploit patched [at last!]
Sheesh, it only took Microsoft a month to extract their digit from their proverbial and actually patch the exploit that the Bofra (née Mydoom) family of mass-mailing worms used to get onto systems via infected websites.
Microsoft should be very embarrassed about this, and the Firefox/Mozilla camp are reaping the benefit of Microsoft’s slow response to fixing this ‘critical’ hole in its browser.
The new patch is known as MS04-40 and has been tested and seems to work, although there have been a few postings to full-disclosure to say that it doesn’t always work. To maximise the chance of it ‘taking’ you should ensure that:
1. You have IE6 SP1 installed.
2. You apply MS04-40.
3. You reboot your system.
The full list of recent security bulletins/patches can be found here.
The simplest way is to use the Windows Update site or service to ensure that you are fully patched.
The IFRAME exploit that Bofra used was discovered on the 2nd of November. More details on this can be found here.
As mentioned in a previous article, this is not the first time that Microsoft have left their customers unpatched; however, it is now the longest time for an exploited vulnerability in their products (so far, unless you know different)… 30 days! Malware can infect a sizable portion of systems on the internet in under 30 minutes… come on Microsoft, get your act together, or lose your customers… your credibility with regard to security went AWOL* long ago.
Fallout from Bofra:
According to a number of sources, ad servers used by many well-known companies and news services were hacked and used to infect vulnerable systems that connected to them, or to the websites where their ads were served.
More details on this can be found here:
http://channels.lockergnome.com/web/archives/20041122_ad_server_hack_spreads_worm.phtml
http://www.theregister.co.uk/2004/11/22/falk_bofra_statement/
*AWOL = Absent WithOut Leave

