Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE CRITICAL UPDATE: Disable ADODB.Stream object


  • Please log in to reply
7 replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:12:35 AM

Posted 02 July 2004 - 01:58 PM

IE CRITICAL UPDATE: Disable ADODB.Stream object

http://support.microsoft.com/default.aspx?kbid=870669

An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.

Any line-of-business Web application that requires a file to be loaded or to be saved to the hard disk may use the ADODB.Stream object in Internet Explorer. For example, if an intranet server hosts a form that an employee must download and fill out, the ADODB.Stream object is used to obtain the file and to save the file locally. After the user edits the file locally and submits the file back to the server, the ADODB.Stream object is used to read the file from the local hard disk and to send the file back to the server.

Microsoft has provided two methods that you can use to disable the ADODB.Stream object from Internet Explorer. Only the ADODB.Stream object in Internet Explorer will be affected. No other ADO objects are affected by this change.

HOW TO DOWNLOAD THIS REGISTRY PATCH:

Select this link if you use W/2000 or XP

BC AdBot (Login to Remove)

 


#2 harrywaldron

harrywaldron

    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:12:35 AM

Posted 03 July 2004 - 08:25 AM

CAUTION: I've seen a few reports of Intranet applications breaking. From a corporate perspective, TEST, TEST, TEST ...

Hopefully, problem areas for this update will be few and far between. So far, I haven't seen widely reported issues, as most Internet and Intranet applications should continue to work properly. Still, I would recommend some quick testing of applications to avoid manually repairing workstations.

This update could impact users when older or poorly written Intranet based web apps break. The documentation notes there are no workarounds and implies "the application must be rewritten to avoid the ADODB.Stream vulnerability". If it's a critical application that breaks, then you may have to skip the update.

On the "breaking of applications" issues, MS has updated their site with backout instructions (you can't uninstall this update which basically scripts in a registry entry). To backout you will need to edit the registry to restore prior values:

http://support.microsoft.com/default.aspx?kbid=870669

"If you are running an application in a corporate intranet environment, and the corporate intranet environment currently uses the ADODB.Stream object with Internet Explorer, applying this update may cause the application to break. To restore application functionality, Microsoft recommends that you first set your Internet Explorer browser security level to High, and then you must clear the compatibility flag of the ADODB.Stream object "



#3 harrywaldron

harrywaldron

    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:12:35 AM

Posted 05 July 2004 - 06:58 AM

Posted Image

This update which first appeared for Windows 2000 and XP users, it is now available for Windows 98. I applied this yesterday and no issues have surfaced so far in my own testing.

Critical Update for ADODB.stream (KB870669)
http://support.microsoft.com/default.aspx?kbid=870669

Click this link to install:
http://windowsupdate.microsoft.com/

#4 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:12:35 AM

Posted 13 July 2004 - 05:22 PM

Hi all.
Hope this is the right place to ask this.
Should I be worried? I use Firefox for everything except looking for MS updates. On July 2nd the Adodb.stream patch came through automatically. Today after the automatic d/load of the recent critical updates I found a desktop file that looked like a backup file. I tried unsuccessfully to open it, R clicked for properties, and found it was the adodb.stream file. I scanned with AVG, and then deleted it.
I have the following protecetion: ZApro, PestPatrol, Spyware Blaster, IE spyad, Spyware Guard, Adaware and AVG.
How would I know whether it was still lurking around, and where did it come from?
I'd be very grateful for any advice!

Cheers
Luci2a

#5 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:35 PM

Posted 13 July 2004 - 10:05 PM

This may have been the removal tool to scan and remove it from your computer. I believe it was on the MS page, though not in the critical update.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:35 AM

Posted 13 July 2004 - 11:41 PM

What was the name of the file exactly? Do you reember?

#7 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:12:35 AM

Posted 14 July 2004 - 01:09 AM

On the desktop it just had the little squiggle that I think is called a tilde. I think this is usually associated with backups? When I tried to open it, then clicked on properties, there was no information. I scanned it with AVG, then selected Firefox to try to open it, as I had recently enabled backup of my Firefox bookmarks, and wondered if it was that, which I haven't been able to find anyway. It was then that I thought I saw adodb.stream in the filename. FF could not open it anyway; I declined to save it, and deleted the whole thing.
It was only when reading the above thread later that I noticed the reference to adodb and started worrying!
I am really not 100% sure about the filename, so this may be an unnecessary panic, for which I apologise!

I am not a computer expert - just very grateful for advice for keeping safe!

Cheers
Luci2a :thumbsup:

#8 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:12:35 AM

Posted 14 July 2004 - 01:22 AM

Sorry John, forgot to reply to you. The MS updates yesterday came down automatically - would it have been in those if it had been the removal tool you mentioned? It was not there after the July 2nd update which addressed the adodb problem.

thanks for all help.

Luci2a :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users