Microsoft warns vulnerability being exploited in IE
Tuesday, July 7, 2009
A zero-day vulnerability in Microsoft Video ActiveX Control has been exploited in the wild, Microsoft warned on Monday. An attacker who successfully exploits this web security flaw could take control of a user's PC using a maliciously crafted website.
Users of Windows XP and Windows Server 2003 are vulnerable to the exploit when visiting malicious websites using Internet Explorer, Microsoft said in a security bulletin.
Compromised websites and sites that accept or host user-provided content or advertisements could contain malicious code to exploit this vulnerability.
Microsoft said cybercriminals could attempt to exploit the web security flaw by luring users to click a link in an email message or Instant Messenger message that takes users to the attacker's site.
Windows XP and Windows Server 2003 users should deactivate ActiveX Control within Internet Explorer, using the workaround listed on Microsoft's support site.
Although Windows Vista and Windows Server 2008 are unaffected by this vulnerability, Microsoft is recommending that customers remove support for ActiveX Control within Internet Explorer.
Users can also opt to have Microsoft automatically "Fix It For Me" at Knowledge Base article 972890 on the support site.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
