Malware sites could target JScript flaws in Internet Explorer
Friday, September 11, 2009
Microsoft's September security update contains fixes for several vulnerabilities that security experts warn pose a threat to all versions of Windows using Internet Explorer (IE). Malware writers could exploit the IE flaws in drive-by download cyberattacks.
Of the five critical security vulnerabilities identified by Microsoft this week, four deal with security holes in IE’s JavaScript reader, which could allow maliciously crafted files on websites running JavaScript to infect a user's PC.
Andrew Storms, director of security operations at nCircle Network Security, said other security flaws got most of the initial attention, but the IE vulnerabilities have the most impact.
"Those are the big problem this month because they affect IE when the user is doing the normal thing on the computer - surfing the internet," Storms said, according to Computerworld.
Microsoft said the flaws exist in JScript 5.1 on Microsoft Windows 2000 Service Pack 4 and JScript 5.6, JScript 5.7 and JScript 5.8 on all supported releases of the Windows operating system - except Windows 7 and Windows Server 2008 R2.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system, Microsoft said.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
