The 'Zero-Day' Solution 

By Lisa Vaas  July 11, 2007 

There's still no consensus regarding whether the zero-day vulnerability that security researcher Thor Larholm found is in Internet Explorer or in Firefox. But more to the point, there is a way to block the exploit, which otherwise could lead to remote system hijacking.

According to Microsoft Security Program Manager Jesper Johansson, blocking the exploit boils down to deleting Firefox protocol handlers. Doing so on a single computer, he said, requires running these commands:
 

reg delete HKCR\FirefoxHTML /f

reg delete HKCR\FirefoxURL /f

reg delete HKCR\Firefox.URL /f

One way to kill the protocol handlers on multiple machines is through Group Policy scripts and SMS packages, he said. Rolling the fix out to thousands of machines can be done by creating a batch file deployed as a startup script.

 
To enable restoration of the protocol handlers, Johansson recommended running this command on any machine with Firefox installed:

 
reg export HKCR\ backup.reg

 
"That will create a reg script that you can use to re-import the settings once Mozilla produces a patch to fix the problem," he said.
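The backup and removal steps described above, combined into one startup batch file. This is an added example, not Johansson's or eWEEK's own script; the backup directory and log file name are assumptions, and each of the three keys named in the article is exported to its own file before it is deleted.

```bat
@echo off
rem Added example: back up, then remove, the three Firefox handler keys
rem named in the article. BACKUP_DIR and the log name are assumptions.
setlocal
set "BACKUP_DIR=%SystemDrive%\FirefoxHandlerBackup"
set "LOG=%BACKUP_DIR%\removal.log"
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

for %%K in (FirefoxHTML FirefoxURL Firefox.URL) do call :process %%K
endlocal
exit /b 0

:process
rem Nothing to do when the key is absent (already removed, or no Firefox).
reg query "HKCR\%1" >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% %1 not present, skipped>>"%LOG%"
    exit /b 0
)
rem Keep the first backup; never overwrite it on later startups.
if not exist "%BACKUP_DIR%\%1.reg" reg export "HKCR\%1" "%BACKUP_DIR%\%1.reg" >nul 2>&1
rem Delete only when a restorable backup is on disk.
if not exist "%BACKUP_DIR%\%1.reg" (
    echo %DATE% %TIME% %1 export failed, key left in place>>"%LOG%"
    exit /b 1
)
reg delete "HKCR\%1" /f >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% %1 delete failed>>"%LOG%"
    exit /b 1
)
echo %DATE% %TIME% %1 backed up and removed>>"%LOG%"
exit /b 0
```

To restore the handlers later, run `reg import` on each saved `.reg` file in the backup directory.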

 
Larholm initially blamed the vulnerability on an input validation flaw in Internet Explorer that allows users to specify arbitrary arguments to the process responsible for handling URL protocols. It's the same type of input validation vulnerability that Larholm discovered in the Safari 3 beta, he said.

http://feeds.ziffdavis.com/~r/ziffdavis/eweek/Security/~3/132749649/0,1759,2157333,00.asp
