While I was working today, I had my copy of Secunia Personal Software Inspector open up and tell me that my machine was insecure. I looked to see why and quickly saw that one of the three problems was that the Sun Java installation was insecure. I had already downloaded the update, but not installed it.
The second problem was that PSI had determined that Opera was using the Sun Java system and was therefore insecure.
I removed the installed version, using Revo Uninstaller, and then installed revision 6 U17, which took care of two of the problems. I thought perhaps that the Java update was secretly the problem with Internet Exploder 8, but that some Microsoft oddity was not letting the problem be reported as such.
That was not it.
Secunia now tells me this:
Insecure, No Solution
The program was detected as patched. Hence, you have done all that you can to secure this program in accordance with the vendor’s guidelines.
Unfortunately, there are still known security problems with this program that the vendor has yet to address.
Until a solution is available from the vendor, your best options are to: Uninstall, disable, or apply a workaround for this threat.
Then, I looked up the advisory number –
Secunia Advisory: SA24314
Release Date: 2007-02-26
Last Update: 2009-05-12
Popularity: 77,202 views
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Also available is the plain-language text describing the exact problem –
Stefan Esser has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerability exists because pages that don’t specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset.
Successful exploitation requires that the user is tricked into visiting a malicious web site.
The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP. Other versions may also be affected.
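Added here as an example, not part of the post or of Secunia's advisory: since the bug above only bites pages that declare no charset of their own, a site owner can audit responses for an explicit declaration. The function below reports the charset declared in the Content-Type header or a meta tag, and flags pages that declare none; the sample responses are constructed.

```python
import re

# Constructed sample responses (not from the advisory): name -> (headers, body).
SAMPLES = {
    "declares_in_header": (
        {"Content-Type": "text/html; charset=utf-8"},
        b"<html><body>hello</body></html>",
    ),
    "declares_in_meta": (
        {"Content-Type": "text/html"},
        b'<html><head><meta charset="utf-8"></head><body>hi</body></html>',
    ),
    "declares_in_http_equiv": (
        {"Content-Type": "text/html"},
        b'<html><head><meta http-equiv="Content-Type" '
        b'content="text/html; charset=ISO-8859-1"></head></html>',
    ),
    "no_charset": (
        {"Content-Type": "text/html"},
        b"<html><body>this page would inherit its parent's charset</body></html>",
    ),
}

# charset=... in a Content-Type header value
_HEADER_RE = re.compile(r'charset\s*=\s*"?([\w.:-]+)', re.I)
# <meta charset="..."> or <meta http-equiv=... content="...; charset=...">
_META_RE = re.compile(rb'<meta[^>]+charset\s*=\s*["\']?([\w.:-]+)', re.I)


def declared_charset(headers, body):
    """Return the charset the response explicitly declares, or None."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    m = _HEADER_RE.search(ctype)
    if m:
        return m.group(1).lower()
    # The HTML standard's encoding prescan only looks at the first 1024 bytes,
    # so a meta declaration placed later is not guaranteed to be honoured.
    m = _META_RE.search(body[:1024])
    if m:
        return m.group(1).decode("ascii").lower()
    return None


def audit(samples):
    """Map each sample name to its declared charset, or 'MISSING' if it declares none."""
    return {name: declared_charset(h, b) or "MISSING" for name, (h, b) in samples.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(f"{name}: {result}")
```

The fix on the site side is simply to make every response declare its charset, preferably in the Content-Type header.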
Since this popped up, I was able to remove two of the three noted problems, and am aware of the third, which means I won’t be using Internet Exploder unless absolutely necessary (not likely!).
I find this very comforting, and try to make sure I let every one of the customers I have know that the addition of Secunia PSI is a great start to better security. For corporate or small businesses, there is a quite reasonably priced version, which goes into much greater detail on some of the problems and their severity.
This was an unplanned post. It just happened that my weekly scan was running, and the problems prompted the page. It does show that keeping secure is a full-time job, and that it is more than a match for any human. The bad guys use automation to cause problems; you should be using automation to avoid them.
Revo isn’t a security uninstaller, but it will make removing things easy and complete, possibly making your machine more secure as it removes any leftover crud that might otherwise be exploited.