homepage Welcome to WebmasterWorld Guest from 54.161.220.160
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Microsoft / Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10)
Forum Library, Charter, Moderators: bill

Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10) Forum

    
Microsoft offers workaround for zero-day exploit
affects IE in Windows XP or Windows Server 2003
bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 3947530 posted 9:08 am on Jul 7, 2009 (gmt 0)

An ActiveX control on XP and Server 2003 is being exploited by hackers.

Microsoft warns of serious computer security hole [m.apnews.com]

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

...

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.

Microsoft offers a temporary workaround here: Vulnerability in Microsoft Video ActiveX control could allow remote code execution [support.microsoft.com]

 

bwnbwn

WebmasterWorld Senior Member bwnbwn us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3947530 posted 2:50 pm on Jul 8, 2009 (gmt 0)

Thanks Bill I visit a ton of sites a day and most likely am above average on getting this from hitting an infected site.

SEOMike

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3947530 posted 4:37 pm on Jul 8, 2009 (gmt 0)

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer

And yet it's included, active, and gives the hackers access to the local user account. Nice.

swa66

WebmasterWorld Senior Member swa66 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3947530 posted 8:05 pm on Jul 8, 2009 (gmt 0)

And yet it's included, active, and gives the hackers access to the local user account.

That's the gist of ActiveX: expose methods to the web at large.

If you don;t need it (there is no use beyond windowsupdate, use another browser than IE.

Hugene

10+ Year Member



 
Msg#: 3947530 posted 8:16 pm on Jul 8, 2009 (gmt 0)

Good timing by Google and their OS announcement then. What garbage this ActiveX.

carguy84

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3947530 posted 3:23 am on Jul 9, 2009 (gmt 0)

I think Google will have their hands full with a web browser as an OS.

driller41

5+ Year Member



 
Msg#: 3947530 posted 8:14 am on Jul 9, 2009 (gmt 0)

So using Firefox negates this exploit?

Robert Charlton

WebmasterWorld Administrator robert_charlton us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3947530 posted 8:31 am on Jul 9, 2009 (gmt 0)

So using Firefox negates this exploit?

Also, another question about the exploit... is it likely to be served from any server, or mainly from infected Windows Servers?

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 3947530 posted 9:19 am on Jul 9, 2009 (gmt 0)

It's an ActiveX exploit. Unless you have hacked in that old FF plug-in for ActiveX I don't think this would affect you with that browser.

is it likely to be served from any server, or mainly from infected Windows Servers?

They haven't been too specific on that in the articles I've read.

JS_Harris

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3947530 posted 5:55 am on Jul 11, 2009 (gmt 0)

In IE you can set your internet connection to be over LAN with an IP of 0.0.0.0 which completely disables IE and every application that relies on IE standard settings (including windows updates).

If you load up firefox and disable IE as mentioned above you'll start seeing error messages when things start complaining of not being able to connect, like adobe flash. You'll see just how reliant on IE your computer really is, even if you don't use it.

cmendla

10+ Year Member



 
Msg#: 3947530 posted 5:34 pm on Jul 12, 2009 (gmt 0)

I've found that getting SOHO and home users to run as a limited user prevents a lot of problems. Running as a limited user simply does not provide enough rights for a virus or trojan to take root.

In a client server environment, you can lock down the users with GPOs of course.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved