June 10, 2004
Microsoft has confirmed a report of a security issue known as Download.Ject affecting customers using Microsoft Internet Explorer, a component of Microsoft Windows.
Last Friday, Microsoft released a configuration change for Windows XP, Windows 2000, and Windows Server 2003 to address this issue (Windows 9x/Me have now also been addressed). Microsoft strongly encourages users to apply this configuration change immediately to help protect their computers.
You can get the update from the WindowsUpdate Web site.
The vulnerability was first discovered on Thursday, June 24, 2004, when Microsoft responded to reports that some customers running IIS 5.0 (Internet Information Services), a component of Windows 2000 Server, were being targeted by malicious code known as "Download.Ject." Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack -- a Web server located in Russia -- and shut it down on Thursday, June 24, 2004.
The vulnerability arises when existing, by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer. An ADO stream object represents a file in memory and provides several methods for reading and writing binary files and text files. When this functionality is combined with the known Internet Explorer vulnerabilities, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when it is hosted in Internet Explorer.
Microsoft also made this update available for Windows Millennium Edition, Windows 98, and Windows 98 Second Edition under the extended support for critical security issues.
You can find more information on this update, including a way to manually secure your PC, in Microsoft Knowledge Base Article 807669.
You should also visit the What You Should Know About Download.Ject Web page, which contains additional information, including how to determine if your computer has been infected with the malicious code.
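One way to check whether ADODB.Stream is blocked from being hosted in Internet Explorer, as an added example that is not part of the original notice or Microsoft's own code. It assumes the configuration change is the standard Internet Explorer ActiveX "kill bit" (Compatibility Flags 0x400), which this page does not spell out; `Get-IEKillBitStatus` is a hypothetical helper name.

```powershell
# Added example: report whether a COM class is blocked from being hosted in
# Internet Explorer by the ActiveX kill bit. Assumption: the configuration
# change discussed on this page is that kill bit for ADODB.Stream.
function Get-IEKillBitStatus {
    param([string]$ProgId = 'ADODB.Stream')

    # Resolve the ProgID to its CLSID from the registry rather than hard-coding it.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        throw "ProgID '$ProgId' is not registered on this machine."
    }
    $clsid = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'

    $killBit = 0x400   # "do not instantiate in Internet Explorer"
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        # 32-bit view on 64-bit Windows; a 32-bit browser reads this one.
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present

        $key   = Join-Path $root $clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        }

        [pscustomobject]@{
            ProgId     = $ProgId
            Clsid      = $clsid
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            # Other bits may be set in the same value, so test the bit itself.
            KillBitSet = ($null -ne $flags) -and (($flags -band $killBit) -eq $killBit)
        }
    }
}

Get-IEKillBitStatus | Format-List
```

A `KillBitSet` value of `False` in either registry view means that view of Internet Explorer can still host the object.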
Note: Users of Windows XP Service Pack 2 Release Candidate 2 (Windows XP SP2 RC2) are not at risk.