Wednesday, January 12, 2011

Microsoft Fix it Available for Security Advisory 2488013

Microsoft released a Microsoft Fix it solution that uses the Windows Application Compatibility Toolkit to provide protection from the vulnerability in Security Advisory 2488013, in which exploit code is available.  This workaround only applies if the MS10-090 update for Internet Explorer is installed.  If MS10-090 has not been installed on your computer, it can be obtained from here.

Important Note:
Prior to 10:30 PM Pacific Time, 1/11/2011, the Fix it links in the KB Article incorrectly pointed to the Fixit for KB2490606 (information provided here). If you installed the Fixit 50590 prior to that time, you should install the Fixit using the current link in KB 2488013.

This vulnerability affects Internet Explorer 6, 7 and 8 on 32- and 64-bit Windows XP, Windows Vista and Windows 7 as well as Windows Server 2008 R2.

Fixit solution for recursive cascading style sheets
The Microsoft Fix it solution adds a check to check whether a cascading style sheet is about to be loaded recursively. If this is the case, the Fix it solution cancels the loading of the cascading style sheet. This Fixit solution takes advantage of a feature that is typically used for application compatibility fixes and can modify the instructions of a specific binary when it is loaded.

To enable or disable this Fixit solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it Wizard.

Note:  In addition to the requirement that the MS10-090 update for Internet Explorer be installed, this Fix it solution must be manually uninstalled before you apply a future Cumulative Security Update for Internet Explorer that contains a software fix for this vulnerability.

Enable:  Microsoft Fix it 50591
Disable: Microsoft Fix it 50592

Additional details about the Fix it solution are available in the Security Research & Defense Blog at New workaround included in Security Advisory 2488013.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: