homepage Welcome to WebmasterWorld Guest from 54.167.174.90
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Microsoft / Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10)
Forum Library, Charter, Moderators: bill

Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10) Forum

    
New Internet Explorer Vulnerability Posted on Web
No patch available at this time
rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3084246 posted 1:37 pm on Sep 15, 2006 (gmt 0)

Computer code that could be used to hijack Windows PCs via a yet-to-be-patched Internet Explorer flaw has been posted on the Net, experts have warned.

The code was published on public Web sites, where it is accessible to miscreants who might use it to craft attacks on vulnerable Windows computers. Microsoft is investigating the issue, the company representative said in a statement Thursday.

Microsoft says that Windows users should disable ActiveX and active scripting controls.

Attack code targets new IE hole [news.com.com]

 

Liane

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3084246 posted 1:54 pm on Sep 15, 2006 (gmt 0)

Gee I'm glad I have a Mac! ;)

Easy_Coder

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3084246 posted 2:24 pm on Sep 15, 2006 (gmt 0)

Microsoft says that Windows users should disable ActiveX and active scripting controls.

The Microsoft Security Respose Advisory # 925444 indicates the following.

At Risk:
Microsoft Internet Explorer on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2.

Not At Risk:
Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.

webdudek

5+ Year Member



 
Msg#: 3084246 posted 4:04 pm on Sep 15, 2006 (gmt 0)

For those who still don't know, there is a new browser in town called Mozilla Firefox.
Well, not so new, but so much better...
What are people waiting for?

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3084246 posted 7:15 pm on Sep 15, 2006 (gmt 0)

Today's Firefox security update [webmasterworld.com]. ;)

Any software that achieves significant market acceptance will be subject to hack attempts.

icantthinkofone

5+ Year Member



 
Msg#: 3084246 posted 6:42 pm on Sep 16, 2006 (gmt 0)

The difference is the Firefox update is a fix to a potential hole while IEs announcement is an unpatched hole.

In addition, from what I'm reading, popularity or high usage of a product does not indicate it will automatically become a target for abuse.

wmuser

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3084246 posted 10:35 pm on Sep 17, 2006 (gmt 0)

Firefox has had a security update as well

Powdork

WebmasterWorld Senior Member powdork us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3084246 posted 4:28 am on Sep 18, 2006 (gmt 0)

Whats important is not whether you are safe, but whether or not the general public actuallly does disable activeX controls. This has rather huge implications for any flash websites or content.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 3084246 posted 1:30 pm on Sep 18, 2006 (gmt 0)

If memory serves, I don't believe this is the first time we've been told to disable ActiveX on IE. I've had it explicitly turned off for quite some time. Only a select few trusted sites are allowed to run ActiveX on my machines.

Powdork

WebmasterWorld Senior Member powdork us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3084246 posted 3:26 pm on Sep 18, 2006 (gmt 0)

At least half the websites I visit regularly are all flash or use flash extensively. Running without activeX is not an option. Firefox has been the answer for me for quite a while now. If Sirius would get their act together I would never use IE other than testing my own sites.

Their have been recommendations to turn off activeX several times in the past. It didn't seem too many people listened in the past.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 3084246 posted 12:59 am on Sep 20, 2006 (gmt 0)

The whole Internet security system is set up on Windows so that you can allow ActiveX for those sites you regularly visit but deny it for everywhere else. That's the way I've been using IE since the first time they had these problems. You just have to go through the process of adding those sites to the appropriate security group once. After that you're a bit more secure.

mcavic

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3084246 posted 3:42 pm on Sep 24, 2006 (gmt 0)

Some experts believe the timing of the new attack is no coincidence, suggesting that attackers look to take advantage of a full month before Microsoft is scheduled to release its next bunch of fixes.

And the reason why they can't release a patch in mid-month?

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 3084246 posted 2:01 am on Sep 25, 2006 (gmt 0)

They can, and sometimes do issue patches outside of the regularly scheduled Patch Tuesday. If this vulnerability is being actively taken advantage of on the net you can probably expect to see a patch sooner.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved