Mitigating factors
There are no existing mitigating factors, unless you routinely disable Active Scripting in IE.
Fix
Disabling Active Scripting can block these vulnerabilities. I trust that most admins probably know how to do this, but you may be able to save some time by providing your users with these simple directions provided by CERT. Of course, disabling Active Scripting can play havoc with the way some Web sites work.
Microsoft has not yet released any fixes for the vulnerability. You should keep a watch on Microsoft's security site to see if the company has responded to this new and critical threat.
Final word
Perhaps because of the new monthly security update policy at Microsoft, these vulnerabilities were widely known before any Microsoft Security Bulletin was released. Even if patches are available by the time you read this, they will be brand new and untested by large numbers of users. That means they may contain bugs, as new patches often do.
Also watch out for:
Cisco Systems has warned that Aironet 1100, 1200, and 1400 series access points can permit WEP keys to be transmitted in plaintext over SNMP-managed network servers. A patch is available.
A flaw in the Linux kernel has caused the Debian Project to warn that attackers compromised four of the project's development servers in mid-November. This was a privilege escalation attack and Debian has said that none of its open source code has been compromised. You can update to Debian version 2.4.23 to prevent this problem on your servers. The attacker worked through a compromised developer's computer and successfully penetrated the bug tracking system, source code database, mailing lists, Web site, and security patch servers. Debian says that because it requires developers to include digital signatures, they were able to check the databases and found no problems.
Gentoo Linux has taken one or more of its servers offline, apparently because of the same vulnerability that was exploited at Debian. A Gentoo security bulletin reports that the rsync.gentoo.org rotation server was compromised. Note that a quote from the Gentoo site says: "Gentoo Linux can become an ideal secure server."
If you're experiencing problems with Symantec's 2004 software, which includes a new product activation process, you're not alone. ZDNet reports that some users find the software keeps demanding activation on every reboot and eventually locks up the system. Symantec says they have corrected the problem. On a personal note, I recently installed Norton Internet Security 2004 and have had repeated problems involving extremely intensive disk access, which caused a temporary denial of service event, and that's just on a nonnetworked workstation. There is a patch for the registration problem posted on the Symantec site.
The next version of Microsoft Internet Explorer, due in 2004, will include a pop-up blocker. Many of you probably already have blocking software installed, but including it right in IE will greatly ease the maintenance chores of administrators, if Microsoft does it right.
A Microsoft representative speaking at a recent cybersecurity conference in Wiesbaden, Germany, told the audience that virus writers are still winning the security war and costing the world's IT resources about $13bn every year.
