| Reply to Thread New Thread |
07-07-2009, 09:14 PM
|
#1 |
|
|
 Microsoft Warns Of 'Browse-And-Get-Owned' Attack
Microsoft Warns Of 'Browse-And-Get-Owned' Attack
Attacks have been reported that attempt to exploit an unpatched vulnerability in Microsoft's Video ActiveX Control. By Thomas Claburn InformationWeek July 7, 2009 01:55 PM Microsoft (NSDQ: MSFT) on Monday issued a security advisory about a zero-day vulnerability in the Microsoft Video ActiveX Control. The flaw could allow a remote unauthenticated attacker to execute malicious code on computers running Windows XP and Windows 2003 Server. "A browse-and-get-owned attack vector exists," acknowledged Microsoft security engineer Chengyun Chu on the company's Security Research & Defense blog. "A user needs to be lured to navigate to a malicious Web site or a compromised legitimate Web site to be affected. No further user interaction is needed." http://www.informationweek.com/news/...es+and+threats |
|
|
07-07-2009, 10:47 PM
|
#2 |
|
|
This link provides a work around patch that disables the Active X control that is causing the problem.
http://blogs.technet.com/srd/archive...idctl-dll.aspx Microsoft Security Advisory on this subject is here: http://www.microsoft.com/technet/sec...ry/972890.mspx |
|
|
|
07-07-2009, 10:51 PM
|
#3 |
|
|
Thanx for the links nline! Patch installed and I rest easy now....
|
|
|
|
07-07-2009, 10:56 PM
|
#4 |
|
|
You are welcome but read the attached links. There are side issues with the patch. It isn't a fix just a bypass and that is a bit of a kludge.
|
|
|
|
07-07-2009, 11:15 PM
|
#5 |
|
|
Like I've always heard, 50% of something is better than 100% of nothing!
|
|
|
|
07-08-2009, 11:54 AM
|
#6 |
|
|
Thanks Nline, I hope you will post if they get an actual "fix" for it. I installed the "bypass" for now on my desktop that runs XP.
|
|
|
| Reply to Thread New Thread |
«
Previous Thread
|
Next Thread
»
Linear Mode
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
