Hole in Registery Keys on Office and Windows 2000

[Dippy]

I run office and Windows 2000 on a 500 Pentium III PC with
256 megs of ram and a 75 gig hardrive. Intel chip and
motherboard.

I was warned about the proliferation of spyware and
downloaded Spybot 1.3 Search and Destroy freeware from
Tucows.

It seems to have weeded-out all manner of assorted junk
except for one that remains hanging in the air, just like
a bad smell.

At the end of every scan, after 'Immunization', it always
shows, every single solitary time, that it has picked-up
an item that it lists as:

DSO Exploit

Under details, it shows the following message:

DSO Exploit: Data source object exploit (Registry change,
fixed)
HKEY_USERS\S-1-5-21-1343024091-1383384898-1708537768-500
\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-07-09 Includes\Cookies.sbi
2004-07-09 Includes\Dialer.sbi
2004-07-09 Includes\Hijackers.sbi
2004-07-09 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-07-09 Includes\Malware.sbi
2004-07-09 Includes\Revision.sbi
2004-07-02 Includes\Security.sbi
2004-07-09 Includes\Spybots.sbi
2004-07-09 Includes\Tracks.uti
2004-07-09 Includes\Trojans.sbi

This leads to some information to the effect that there is
a 'hole' that has not been closed by Microsoft, referring
again to a Microsoft home link, a Microsoft Security link
and a Microsoft '.windows/-ie' link.

Needless to say, I find it impossible to actually contact
those folk!!!?? (I'm sure I'm not alone............!!!)

There is also a note about a link
to 'http://security.greymagic.com/adv/gm001-ie/' for more
information. This expands to say that there is a 'hole' or
flaw in the system, but I know zip about computers - and
even less when there is any kind of glitch - it is
meaningless to me.

Can anyone throw any light on this for me in layman's
terms, as it seems that Microsoft either can't or won't
fix it, from the looks of things.

Thanks all!

 

[Guest]

Make sure you have all of the latest critical updates and service packs.

Ian Bagnald
MCSE:Security W2K
MCSA:Security W2K
COMPTIA A+

 

[Dippy]

Hi InBan,

Thanx for the advice, below,which I followed without any
success.

Went to the update page,loaded whatever was marked
critical except for stuff specifically marked for XP or NT.

Rebooted, including this evening and again after finding
and installing a Q831167.exe patch that was on my desktop
this morning. (I presume that this was from Microsoft
because it had all the warnings about not installing it on
any machine using pirated software).

Then Spybot-ted again and there was: the "DSO Exploit"
again and still happily ensconced in my computer.

Are you from Microsoft? If so, what is this "DSO Exploit"
thing? What does it do, what vulnerabilities does it open-
up and why can't you get rid of it?

Thanxs again and looking forward to growing wiser, as I
will be once you - or Microsoft - find a way to crack this
one!

Dippy

 

[Guest]

I'm not from Microsoft.

I've done a little reading up on this. There are plenty of discussions on various forums about the DSO Exploits Spybot detects. The makers of Spybot have said that this is a problem with the current release of spybot and should be fixed in future releases.

I have also seen information from other sources saying there are registry changes, or an application that can be run which makes those changes, which will remove the so called DSO exploit.

I would not recommend making those changes. Be confident that the fixes supplied in the critical updates released by Microsoft are fixing these types of issues. Although vulnerabilities in internet explorer likely still exist, far more known vulnerabilities have been patched than not.

At this time I would recommend setting spybot to ignore the DSO exploit. I cannot recommend making the registry changes described in other articles and forums as I have not tested them personally, nor am I aware that they do not do more harm than good.

If this is related to a real vulnerability in IE it is likely one that is taken advantage of by spy ware makers who would attempt to automatically install software on your computer. The best advice I can give is to avoid this type of hijacking software is - browse safe, I'm sure you know the sorts of sites that these things come from, so just avoid them as a best practice for internet surfing.

Good luck.

Ian Bagnald
MCSE:Security W2K
MCSA:Security W2K
COMPTIA A+

 

[Dippy]

Hi InBan!

Thanks for taking the time to explain!

I keep the Microsoft critical updates and anti-virus stuff
pretty much up to-date, as also the Spybot and
Spywareblaster packages that I have installed, but your
suggestions are good ones.

Thanks again

Dippy

-----Original Message-----
I'm not from Microsoft.

I've done a little reading up on this. There are plenty

of discussions on various forums about the DSO Exploits
Spybot detects. The makers of Spybot have said that this
is a problem with the current release of spybot and should
be fixed in future releases.

I have also seen information from other sources saying

there are registry changes, or an application that can be
run which makes those changes, which will remove the so
called DSO exploit.

I would not recommend making those changes. Be confident

that the fixes supplied in the critical updates released
by Microsoft are fixing these types of issues. Although
vulnerabilities in internet explorer likely still exist,
far more known vulnerabilities have been patched than not.

At this time I would recommend setting spybot to ignore

the DSO exploit. I cannot recommend making the registry
changes described in other articles and forums as I have
not tested them personally, nor am I aware that they do
not do more harm than good.

If this is related to a real vulnerability in IE it is

likely one that is taken advantage of by spy ware makers
who would attempt to automatically install software on
your computer. The best advice I can give is to avoid this
type of hijacking software is - browse safe, I'm sure you
know the sorts of sites that these things come from, so
just avoid them as a best practice for internet surfing.