September 22, 2006

Internet Explorer leaves you open to attack

Vulnerabilities in Vector Markup Language and Microsoft DirectAnimation Path ActiveX Control in Internet Explorer allows remote code execution by hackers.

Recommended Action
Microsoft encourages users to exercise caution when they open e-mail and links in e-mail even from trusted sources.

You can guard against these exploits by turning off JavaScript and ActiveX in Internet Explorer or using an alternative browser. Ensuring virus definitions are up to date also helps to secure the family PC from the attacks.

Threat Overview
Two new computer malware attacks exploit vulnerable code in Microsoft Internet Explorer and attempt to install spyware to hijack systems. When a user opens an exploited webpage, it may corrupt system memory in such a way to enable an attacker to execute arbitrary code and infiltrate the affected system.

In the News
The vulnerabilities have been acknowledged by Microsoft and have also been publicly disclosed. News articles describing the threat can be found at:

CNET - Web sites exploit visitors IE hole
Microsoft Security Advisory (925444)
Microsoft Security Advisory (925568)
Tech World - Explorer hit by new attack

MS Users are encouraged to keep their anti-virus software up to date. Customers can also visit Windows Live OneCare Safety Center and are encouraged to use the Complete Scan option to check for and remove malicious software that take advantage of this vulnerability.


AND NOW FOR SOMETHING COMPLETELY DIFFERENT: A Quote:

Every man should be content to mind his own business.
~ Aesop (620 BC-560 BC)

Posted by Michele at September 22, 2006 12:25 PM | TrackBack
Comments

Damn that Aesop is a smart one ;)

Posted by: Sgt Hook at September 23, 2006 01:03 AM

cool.

Posted by: Jose at September 23, 2006 01:51 AM

Computer help from a techie:

Quickest way to check if there is a virus or spyware or some other security-breaching malware on your computer:

1. Click on the Start Menu. If you don't have a start menu, you are fine.

2. When the Start Menu comes up, look along the left side. If there are characters there that spell out the word "Windows" (some include 2000, some XP, some ME in a messed up font), then your system has been compromised or is just about to be compromised.

3. Decide if you are going to spend at least 24% of your time in front of your computer running updates, fixing things, tweaking things, looking for extra files, trying to understand why that error message keeps popping up even though it doesn't seem to do anything, or if your time actually has a value to it and you want your computer to get the F- out of your way so you can get some work done on it.

I work with these things every day. I understand. This latest exploit is not exactly the first time IE had a problem that, just by navigating to a web page, your system was compromised. A new exploit is found every month or so.

Posted by: RSM at September 23, 2006 06:36 AM