CAN20030908a
Internet Explorer Flaws Expose Systems To Hackers
Program Flaws Allow Hackers To Run Code
Through Hostile Web Sites, E-mails
Dates & Revisions
- Original CAN date: September 8, 2003
- Latest revision: September 11, 2003
Systems Affected
- Microsoft Internet Explorer version 5.01
- Microsoft Internet Explorer version 5.5
- Microsoft Internet Explorer version 6.0
- Microsoft Internet Explorer version 6.0 for Windows Server 2003
Problem Overview
A series of newly-detected flaws in
Microsoft Internet Explorer versions 5.01 and higher has been discovered to
lower a system's security by allowing programs to be executed without the user's
knowledge and/or permission. These flaws can be triggered by simply visiting a
hostile web site (a site which contains code specifically designed to take
advantage of these program bugs) or by opening a specially-crafted HTML e-mail
message which contains code to exploit the flaws.
It is important to note that you do not
have to be using Internet Explorer as your web browser to be affected by these
issues. You simply need to have IE installed on your computer to be vulnerable.
The likelihood of these issues affecting
your computer has increased significantly over the last few days due to a major
Internet Service Provider having their hosted web sites infected with code which
triggers the security flaws. Hosting provider Interland, a national ISP
which hosts nearly 250,000 web sites for small- and medium-sized businesses,
announced today that many of the web sites hosted by their system had been
infected last week with code which could cause visitors to those web sites to
become vulnerable to hacking activity. After visiting an infected web site,
visitors would have a proxy server program secretly downloaded from a hacker's
web site to their systems and executed. By accessing the proxy server, the
hacker could use the visitor's computer to perform illegal activities, including
(but not limited to) sending spam e-mails, hosting illegal material, and/or
identity theft. The owner of the site from which the executable program was
downloaded had a Ukrainian address and runs a site that is known to trade in
stolen credit card information.
Because similarly malicious code can be
embedded within HTML e-mails, many security experts expect to see new viruses
and worms which will take advantage of these flaws soon. Microsoft has rated
this a critical problem - protect yourself now.
Update: September 11, 2003
At least one known e-mail now circulating on
the Internet takes advantage of this security flaw. Simply by opening
the e-mail, users will unwittingly trigger code which automatically downloads a
program to their computers. This program (named drg.exe) will install a file (surferbar.dll)
into their Internet Explorer web browsers which contains links to pornographic
web sites.
Microsoft is also investigating potential
security problems which may remain even AFTER applying the August 2003
Cumulative Patch, so please be aware that further patches for this issue may be
forthcoming from Microsoft.
Problem Details
For detailed technical descriptions of the problem, please
review the following links:
Please note that the organizations
controlling the content of the web sites referenced by these links may
periodically update the information on their sites as new details about the
severity of the threat become known.
What Should I Do?
You should immediately:
- review the bulletins listed above, and
- verify that your system is affected by the threat, and
- apply the Microsoft patch referenced in the Microsoft article (the IE August 2003 Cumulative Patch) which corrects these issues.
What If I Am Unable To Fix The Problem?
If you are unable to correct these problems yourself or
are unsure how to proceed, contact Logical
Operators by clicking here and arrange to have one of our service
technicians check your system and apply the corrections for you (standard
service fees will apply). In addition to correcting the problem(s) listed in
this CAN, our technicians can also test your system for thousands of other known
threats which may be present on your system, make valuable recommendations on
securing your system from future threats, and perform numerous
other computing services.