Microsoft offers workaround for zero-day exploit

affects IE in Windows XP or Windows Server 2003

     
9:08 am on Jul 7, 2009 (gmt 0)

Administrator from JP 

bill


An ActiveX control on XP and Server 2003 is being exploited by hackers.

Microsoft warns of serious computer security hole [m.apnews.com]

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

...

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.

Microsoft offers a temporary workaround here: Vulnerability in Microsoft Video ActiveX control could allow remote code execution [support.microsoft.com]

2:50 pm on July 8, 2009 (gmt 0)

Senior Member

bwnbwn


Thanks, Bill. I visit a ton of sites a day and most likely am above average on getting this from hitting an infected site.

4:37 pm on July 8, 2009 (gmt 0)

Senior Member



"Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer"

And yet it's included, active, and gives the hackers access to the local user account. Nice.

8:05 pm on July 8, 2009 (gmt 0)

Senior Member

swa66


"And yet it's included, active, and gives the hackers access to the local user account."

That's the gist of ActiveX: expose methods to the web at large.

If you don't need it (there is no use beyond windowsupdate), use another browser than IE.

8:16 pm on July 8, 2009 (gmt 0)

Preferred Member



Good timing by Google and their OS announcement then. What garbage this ActiveX.

3:23 am on July 9, 2009 (gmt 0)

Senior Member



I think Google will have their hands full with a web browser as an OS.

8:14 am on July 9, 2009 (gmt 0)

Preferred Member



So using Firefox negates this exploit?

8:31 am on July 9, 2009 (gmt 0)

Moderator from US 

robert_charlton


"So using Firefox negates this exploit?"

Also, another question about the exploit... is it likely to be served from any server, or mainly from infected Windows Servers?

9:19 am on July 9, 2009 (gmt 0)

Administrator from JP 

bill


It's an ActiveX exploit. Unless you have hacked in that old FF plug-in for ActiveX, I don't think this would affect you with that browser.

"is it likely to be served from any server, or mainly from infected Windows Servers?"

They haven't been too specific on that in the articles I've read.

5:55 am on July 11, 2009 (gmt 0)

Senior Member



In IE you can set your internet connection to be over LAN with an IP of 0.0.0.0, which completely disables IE and every application that relies on IE standard settings (including Windows updates).

If you load up Firefox and disable IE as mentioned above, you'll start seeing error messages when things start complaining of not being able to connect, like Adobe Flash. You'll see just how reliant on IE your computer really is, even if you don't use it.

5:34 pm on July 12, 2009 (gmt 0)

Preferred Member from US 



I've found that getting SOHO and home users to run as a limited user prevents a lot of problems. Running as a limited user simply does not provide enough rights for a virus or trojan to take root.

In a client-server environment, you can lock down the users with GPOs, of course.

 
