Microsoft offers workaround for zero-day exploit

affects IE in Windows XP or Windows Server 2003

   
9:08 am on Jul 7, 2009 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



An ActiveX control on XP and Server 2003 is being exploited by hackers.

Microsoft warns of serious computer security hole [m.apnews.com]

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

...

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.

Microsoft offers a temporary workaround here: Vulnerability in Microsoft Video ActiveX control could allow remote code execution [support.microsoft.com]

2:50 pm on Jul 8, 2009 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Thanks Bill. I visit a ton of sites a day and most likely am above average on getting this from hitting an infected site.

4:37 pm on Jul 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer"

And yet it's included, active, and gives the hackers access to the local user account. Nice.

8:05 pm on Jul 8, 2009 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



"And yet it's included, active, and gives the hackers access to the local user account."

That's the gist of ActiveX: expose methods to the web at large.

If you don't need it (there is no use beyond windowsupdate), use another browser than IE.

8:16 pm on Jul 8, 2009 (gmt 0)

10+ Year Member



Good timing by Google and their OS announcement then. What garbage this ActiveX.

3:23 am on Jul 9, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think Google will have their hands full with a web browser as an OS.

8:14 am on Jul 9, 2009 (gmt 0)

5+ Year Member



So using Firefox negates this exploit?

8:31 am on Jul 9, 2009 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



"So using Firefox negates this exploit?"

Also, another question about the exploit... is it likely to be served from any server, or mainly from infected Windows Servers?

9:19 am on Jul 9, 2009 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



It's an ActiveX exploit. Unless you have hacked in that old FF plug-in for ActiveX I don't think this would affect you with that browser.

"is it likely to be served from any server, or mainly from infected Windows Servers?"

They haven't been too specific on that in the articles I've read.

5:55 am on Jul 11, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



In IE you can set your internet connection to be over LAN with an IP of 0.0.0.0 which completely disables IE and every application that relies on IE standard settings (including windows updates).

If you load up firefox and disable IE as mentioned above you'll start seeing error messages when things start complaining of not being able to connect, like adobe flash. You'll see just how reliant on IE your computer really is, even if you don't use it.

5:34 pm on Jul 12, 2009 (gmt 0)

10+ Year Member



I've found that getting SOHO and home users to run as a limited user prevents a lot of problems. Running as a limited user simply does not provide enough rights for a virus or trojan to take root.

In a client server environment, you can lock down the users with GPOs of course.
