Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3114
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3100
Total: 3102









Author Topic: Zero-day ActiveX Hole in Windows XP Under Attack (Security Advisory 972890)  (Read 4497 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Crooks are going after a new security flaw involving the Microsoft Video ActiveX Control in Windows XP and Server 2003, Microsoft today announced.

Redmond's Security Advisory 972890 details the new threat, which could allow for a drive-by-download infection if you simply view a poisoned Web page using Internet Explorer - no click required. Windows Vista and 2008 are not affected, but Microsoft still recommends that users of those operating sytems apply the workaround (see below) as a precautionary measure. Also, while Microsoft's advisory doesn't specify which versions of IE are vulnerable, additional analysis from Symantec says that IE 6 and 7 are at risk, but the new IE 8 is not.

There are already active attacks against the new hole, according to both the advisory and another Symantec post, which states that "thousands of websites have been compromised and are now hosting the exploit for this issue." Microsoft says there are no known legit uses for the afflicted ActiveX control, and is providing a 'Fix it' workaround solution to disable it while the company works on a patch.

To apply the fix, visit Microsoft's Knowledge base article 972890 and click the "Enable workaround" Fix it link: http://support.microsoft.com/kb/972890
Then run the downloaded .msi file to disable the ActiveX control. To reverse the change, download and run the .msi from the "Disable workaround" link.

(PCW)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023