
Critical Vulnerability


francois


hi'

here is an alert dating yesterday, and it may affect a lot of PC's ...

here it is :

Critical vulnerability in a COM component of Windows (18/08/05)

SUMMARY:

A vulnerability was discovered in certain versions of the Microsoft component DDS Library Shape Control (Msdds.dll) of Windows. This fault allows a hostile individual to run remote code on the computer of his or her victim during the consultation of a trapped Web page via the browser Internet Explorer. The vulnerable file is not present by default in Windows but may have been installed by an Office or .NET application.

SOFTWARE CONCERNED:

Considering the nasty character of the disclosure of this fault, at the moment there is no reliable list of the applications susceptible to install a vulnerable version of the COM component. Certain averagely recent versions of Microsoft Office and Visual Studio .Net should be a part of it.

CORRECTIVE:

The discoverer of the fault having chosen not to cooperate with the publisher before publishing his discovery, for the moment there is no official corrective, and the risk of hostile exploitation is maximal because the detail of the code allowing to exploit this fault was made public. To know if they are at risk, the concerned users can simply launch a search for the file Msdds.dll on their hard disk:

* If this file is not present, the computer is not vulnerable. No supplementary action is necessary;

* If this file is present in its vulnerable or doubtful version (right click on the file > "Properties" > tab "Version"), 7.0.9064.9112 or subordinate in 7.10.x, besides the attentiveness towards links and HTML files that are not sure, while waiting for the availability of an official corrective the users can also download and run the utility KillBit of the Internet Storm Center to deactivate the coverage of the vulnerable component in the browser Internet Explorer (click "Yes" if the indicated status is "currently UNSET" and "No" otherwise). Finally, it is possible to delete the file Msdds.dll, but if it is used by certain applications their functioning will be disrupted; keep at least a copy of the file or do not empty the Windows dustbin, to be able to restore it in case of problem.

check asap!

francois


Please read the link from Crossy before you get too excited as only two versions seem to be at risk. What I have is not one of them and I suspect that is probably the case with a lot of people (if not most).

The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.
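
The file search and version check described in the alert and in the reply above, as an added PowerShell example that is not part of the original thread. The helper name `Get-MsddsStatus` and the "UNLISTED" label for versions the thread does not mention are assumptions of this example; the version numbers are the ones quoted in the thread.

```powershell
# Added example (not from the thread): find Msdds.dll on fixed drives and
# classify it using only the version numbers quoted in this thread.
$Affected     = @([version]'7.0.9064.9112', [version]'7.0.9446.0')
$SafeFloor70  = [version]'7.0.9955.0'    # 7.0.x at or above this: not affected
$SafeFloor710 = [version]'7.10.3077.0'   # anything else at or above this: not affected

# Hypothetical helper name; UNLISTED is this example's label for versions
# the thread does not mention (the alert calls them "doubtful").
function Get-MsddsStatus {
    param([Parameter(Mandatory = $true)][version]$Version)
    if ($Affected -contains $Version) { return 'AFFECTED' }
    $floor = if ($Version.Major -eq 7 -and $Version.Minor -eq 0) { $SafeFloor70 } else { $SafeFloor710 }
    if ($Version -ge $floor) { return 'not affected' }
    return 'UNLISTED (treat as doubtful)'
}

# Search every ready fixed drive, as the alert suggests doing by hand.
$roots = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
    ForEach-Object { $_.RootDirectory.FullName }

$found = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'msdds.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric parts; the FileVersion string may carry extra text.
            $v = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{ Path = $_.FullName; Version = $v; Status = Get-MsddsStatus -Version $v }
        }
}

if ($found) { $found | Format-Table -AutoSize } else { 'Msdds.dll not found on any fixed drive.' }
```

Run it from an elevated prompt so that protected folders are included in the search; copies reported as AFFECTED or UNLISTED are the ones the alert's mitigation steps apply to.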

Thank you, Mr. Francois :o

cv

hi'

you're welcome :D

I have read again the alert and whatever version of this dll you have you should run the tool, I don't have any of these dll versions, my system is clean!

if you have one of them check with the tool and apply if needed :D

francois

ps;prevent before having the need to cure :D


I did a check and I FOUND the msdds.dll file on my PC. The file version is 7.0.9064.9112 and it is located in the C:\Program Files\Common Files\Microsoft Shared\MSDesigners7 folder. I run Win XP Pro SP2.

I went to the Microsoft page that Crossy mentioned but I must say that I don't understand much of it.

What should I do? Which is this 'tool' that I should apply and where to find it?

Edited by Morbius
