What’s a ‘DSO exploit’ and how do I get rid of it?
The short answer: it’s a bug in Internet Explorer that could under certain
circumstances allow untrusted software to run. In other words, it’s a
vulnerability. The good news is that it’s been fixed.
Become a Patron of Ask Leo! and go ad-free!
The confusion arises from the fact that at least on popular Spyware
detection program reports the problem, but fails to apply its work around, and
hence continually reports the problem. Even though it might not be a problem
any more. (Update: that program has reportedly been fixed. See below.)
First, let’s be clear. The vulnerability in Internet Explorer has been
corrected. If you’ve patched IE and are staying up to date with current patches
from Microsoft, you’re safe, even if a DSO exploit is reported.
The confusion arises from a bug in Spybot Search and Destroy that continues
to report the DSO Exploit problem, anyway. There are ways to force the report
to go away, but it’s more trouble than it’s worth.
The bottom line: If you’re fully up-to-date on Internet
Explorer patches, you can safely ignore Spybot’s report of a DSO Exploit. And
update Spybot from time to time as well; they do plan to fix the reporting
UPDATE: Spybot Search and Destroy has reportedly been
fixed. My recommendation now is to download the latest
version, and make sure you have it update its database of spyware to check
prior to your next scan. It’s possible that it may report DSO exploit
once, but if you elect to fix it, then the report should go away on your next scan. I can
confirm that it no longer reports DSO exploit on my system.
And remember, as long as you were up-to-date with Internet Explorer patches,
DSO exploit was not an issue for you, regardless of what the scanner said.