The French Security Incident Response Team (FrSIRT) is reporting a newly discovered flaw in Internet Explorer (IE), and related to the Microsoft Msdds.dll library file. In fact, it’s so new, that there isn’t even a patch for it at the time of this writing. Because the Msdds.dll library file must be present in order for the flaw to be exploited, those with the Msdds.dll library are likely at highest risk.
Said an FrSIRT spokesperson, “Microsoft said that this library is installed with Visual Studio but we do not have Visual Studio installed on our lab machines” (and yet the Msdds.dll library file was present). They have also confirmed the flaw with IE6 on a Windows XP system with SP2 and all patches to date.
Of course, while there isn’t a patch for this flaw available yet, the code to exploit the flaw is available on the Internet.
Like some other flaws, this one is of the nature such that the bad guys can craft a malicious site, and if a user visits the site with a system with the flaw, the bad guys can take control of the user’s PC, and install a back door for future use.
Some Internet security companies, such as Websense, have already added detection for the flaw. However a spokesperson for Microsoft said that while they were aware of the flaw, they were unaware of any attacks using the flaw, and that when they were done investigating the flaw, they would take appropriate action.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.