Security
SHARE
Facebook X Pinterest WhatsApp

Microsoft: Out-of-Cycle Security Patch Coming

Written By
thumbnail
Ryan Naraine
Ryan Naraine
Jul 28, 2004

Microsoft plans to release an out-of-cycle security
patch next week to fix a software flaw that led to the sophisticated
Download.Ject malware attack, company officials disclosed on Wednesday.

The company will release the patch, which is currently being tested, next week as
a “critical” security update to provide a “long-term solution to the core
vulnerability” that led to the Download.Ject attack.

Dean Hachamovitch, Microsoft group product manager for Internet
Explorer, made the announcement, saying the patch would cover IE versions 5.01,
5.5 and 6.0.

The software giant has already released a Trojan
detection and removal tool to help PC users clean up after the attack, which
targeted well-known software flaws to install keystroke loggers and other
malicious code on infected systems.

The 118 kilobyte removal tool is programmed to remove the payload
delivered by the server-side Download.Ject Trojan. The Trojan, also known as
Scob, exploited vulnerabilities in Microsoft’s IIS 5.0 servers and IE
to distribute malware programs. It started spreading
late last month after unknown attackers uploaded a small file with
JavaScript to infected Web sites running Microsoft IIS 5.0 servers.

A user visiting an infected site with IE automatically became infected
with the JavaScript, which triggered a download from a Russian Web site. The
download included Trojan horse programs like keystroke loggers, proxy
servers and other back doors providing full access to the infected
system.

In addition to the Trojan detection and removal tool, Microsoft issued a
slew of Windows configuration changes
aimed at thwarting the Download.Ject attack. Hachamovitch said
that those changes did not provide a complete fix to
the core vulnerability.

“Our users should have confidence that as long as they’re running the
latest browser with all the latest security fixes, they will have the
most powerful and secure browsing experience,” Hachamovitch said.

Microsoft is also testing a clean-up tool for the latest mutant of the
MyDoom virus that started squirming
through major search engines earlier this week. The virus has
been programmed to launch of distributed Denial of Service attacks
against the Microsoft.com home page.

When it’s released, the tool will be available for download here.

thumbnail
Ryan Naraine

Recommended for you...

thumbnail
Best Internet Security Software
Security
Best Internet Security Software
Devin Partida
Mar 23, 2022
thumbnail
HP Wolf Security Report Shows Threat Landscape Getting Scarier
Security
HP Wolf Security Report Shows Threat Landscape Getting Scarier
Rob Enderle
Oct 15, 2021
thumbnail
Microsoft Gets Rid Of Passwords: I Can Almost Hear Angels Singing
Blog
Microsoft Gets Rid Of Passwords: I Can Almost Hear Angels Singing
Rob Enderle
Sep 17, 2021
thumbnail
The Coming AI Threats We Aren’t Prepared For
Security
The Coming AI Threats We Aren’t Prepared For
Rob Enderle
Aug 27, 2021
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information