
Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10) Forum

    
Microsoft offers workaround for zero-day exploit
affects IE in Windows XP or Windows Server 2003
bill




msg:3947532
 9:08 am on Jul 7, 2009 (gmt 0)

An ActiveX control on XP and Server 2003 is being exploited by hackers.

Microsoft warns of serious computer security hole [m.apnews.com]

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

...

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.

Microsoft offers a temporary workaround here: Vulnerability in Microsoft Video ActiveX control could allow remote code execution [support.microsoft.com]

 

bwnbwn




msg:3948456
 2:50 pm on Jul 8, 2009 (gmt 0)

Thanks Bill. I visit a ton of sites a day and most likely am above average on getting this from hitting an infected site.

SEOMike




msg:3948527
 4:37 pm on Jul 8, 2009 (gmt 0)

"Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer"

And yet it's included, active, and gives the hackers access to the local user account. Nice.

swa66




msg:3948642
 8:05 pm on Jul 8, 2009 (gmt 0)

"And yet it's included, active, and gives the hackers access to the local user account."

That's the gist of ActiveX: expose methods to the web at large.

If you don't need it (there is no use beyond windowsupdate), use another browser than IE.

Hugene




msg:3948655
 8:16 pm on Jul 8, 2009 (gmt 0)

Good timing by Google and their OS announcement then. What garbage this ActiveX.

carguy84




msg:3948913
 3:23 am on Jul 9, 2009 (gmt 0)

I think Google will have their hands full with a web browser as an OS.

driller41




msg:3949032
 8:14 am on Jul 9, 2009 (gmt 0)

So using Firefox negates this exploit?

Robert Charlton




msg:3949041
 8:31 am on Jul 9, 2009 (gmt 0)

"So using Firefox negates this exploit?"

Also, another question about the exploit... is it likely to be served from any server, or mainly from infected Windows Servers?

bill




msg:3949069
 9:19 am on Jul 9, 2009 (gmt 0)

It's an ActiveX exploit. Unless you have hacked in that old FF plug-in for ActiveX I don't think this would affect you with that browser.

"is it likely to be served from any server, or mainly from infected Windows Servers?"

They haven't been too specific on that in the articles I've read.

JS_Harris




msg:3950542
 5:55 am on Jul 11, 2009 (gmt 0)

In IE you can set your internet connection to be over LAN with an IP of 0.0.0.0 which completely disables IE and every application that relies on IE standard settings (including Windows updates).

If you load up Firefox and disable IE as mentioned above you'll start seeing error messages when things start complaining of not being able to connect, like Adobe Flash. You'll see just how reliant on IE your computer really is, even if you don't use it.

cmendla




msg:3951026
 5:34 pm on Jul 12, 2009 (gmt 0)

I've found that getting SOHO and home users to run as a limited user prevents a lot of problems. Running as a limited user simply does not provide enough rights for a virus or trojan to take root.

In a client server environment, you can lock down the users with GPOs of course.
