Zero-day ActiveX Hole in Windows XP Under Attack (Security Advisory 972890)

Custom Search

Hack in The Box
Free PC Security
TechAirlines
Freeware
OnlineSchutz
NewsApp Portal
Chicago Attorney's
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply visit: "FORUM". Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Samker]

Crooks are going after a new security flaw involving the Microsoft Video ActiveX Control in Windows XP and Server 2003, Microsoft today announced.

Redmond's Security Advisory 972890 details the new threat, which could allow for a drive-by-download infection if you simply view a poisoned Web page using Internet Explorer - no click required. Windows Vista and 2008 are not affected, but Microsoft still recommends that users of those operating sytems apply the workaround (see below) as a precautionary measure. Also, while Microsoft's advisory doesn't specify which versions of IE are vulnerable, additional analysis from Symantec says that IE 6 and 7 are at risk, but the new IE 8 is not.

There are already active attacks against the new hole, according to both the advisory and another Symantec post, which states that "thousands of websites have been compromised and are now hosting the exploit for this issue." Microsoft says there are no known legit uses for the afflicted ActiveX control, and is providing a 'Fix it' workaround solution to disable it while the company works on a patch.

To apply the fix, visit Microsoft's Knowledge base article 972890 and click the "Enable workaround" Fix it link: http://support.microsoft.com/kb/972890
Then run the downloaded .msi file to disable the ActiveX control. To reverse the change, download and run the .msi from the "Disable workaround" link.

(PCW)