Security Hole in Internet Explorer (Still not fixed)

[Chris]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Apply all latest Microsoft Security patches, make sure to have Microsoft
Anti-Spyware, and visit the following site:

download.abetterinternet.com/download/cabs/ARK14006/download.htm

You will have downloaded a ARK14006.EXE file under C:\WINNT which then
downloads updated spyware files (VX2.ZServ) to C:\Winnt\Temp which then try
to modify the registry, but MS AntiSpyware stops it. When you perform a
clean, it removes most files, but leaves some behind.

It would be nice to fix the security hole in the first place.

 

[jw]

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

would this really be a security hole if Security in Internet Options is
Not set as recommended by Microsoft ? i thought Microsoft recommended
Security be set to High for the Internet Zone. if this is done, then
executables would not be downloaded, unless somebody intentionally set
download.abetterinternet.com to be Allowed in your Trusted Sites zone.

File Downloads are Disabled when Security is set to High.
the default setting for the Internet Zone is to Enable File Downloads
and Disable Prompting for file downloads.

i am open to correction, if i am wrong.

Chris wrote:
> Apply all latest Microsoft Security patches, make sure to have Microsoft
> Anti-Spyware, and visit the following site:
>
> download.abetterinternet.com/download/cabs/ARK14006/download.htm
>
> You will have downloaded a ARK14006.EXE file under C:\WINNT which then
> downloads updated spyware files (VX2.ZServ) to C:\Winnt\Temp which then try
> to modify the registry, but MS AntiSpyware stops it. When you perform a
> clean, it removes most files, but leaves some behind.
>
> It would be nice to fix the security hole in the first place.