
Thread: Don't wait for Microsoft's patch: Secure Windows now

  1. #1
    Join Date
    Dec 2005
    Posts
    9,057

    Default Don't wait for Microsoft's patch: Secure Windows now

    "There's an old ActiveX control hanging around many Windows systems that's still accessible to Internet Explorer, whose original purpose was to tune into MPEG2 transport streams -- typically live video streams sent from a server using MPEG2 format. Yes, MPEG2 transport streams still exist, but any more, browsers including IE8 have appropriate plug-ins to handle them -- Windows Media Player is one, Apple's QuickTime is another.

    But still there's this ActiveX control sitting there doing nothing, waiting to be leveraged for an attack. Earlier today, Microsoft acknowledged a SANS Internet Storm Center report saying that there's an active exploit of this disused bit of functionality published on Chinese Web sites. Apparently malicious users are utilizing it now in "drive-by" attacks that could result, say security experts including Sophos' Graham Cluley, in installation and execution of nearly any malicious payload.

    This morning, Microsoft security engineer Chengyun Chu noted that in order for a Web site to use this exploit to deliver this payload, the user would need to click on a link that launches that Web site. That makes Outlook relatively safe if that link is embedded in the type of e-mail message that says, "Check this out!" just so long as the user doesn't click on that link. In other words, the code cannot be triggered automatically through Microsoft's e-mail client."

    See http://www.betanews.com/article/Dont...day/1246909464 for the rest of the article and details on how to set the 'killbit' for the ActiveX control in question.

    Oldsod.
    Best regards.
    oldsod
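
The 'killbit' mitigation mentioned in post #1, as an added example that is not part of the thread or the linked article: a PowerShell check and setter for the kill-bit flag. The registry location and the 0x400 flag are the standard Internet Explorer kill-bit mechanism; the function names are hypothetical and the CLSID is a constructed placeholder, since the thread does not list the real class IDs.

```powershell
# Added example, not from the thread or the linked article.
# 0x400 is the kill-bit flag in the "Compatibility Flags" DWORD that IE checks
# before it instantiates an ActiveX control.
$KillBit = 0x400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # View used by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$Key) {
    # Returns the DWORD, or $null when the key or the value is missing.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($item) { return $item.'Compatibility Flags' }
    return $null
}

function Get-ActiveXKillBit([string[]]$Clsid) {
    foreach ($id in $Clsid) {
        $name = '{' + $id.Trim('{}').ToUpper() + '}'
        foreach ($root in $Roots | Where-Object { Test-Path -LiteralPath $_ }) {
            $flags = Get-CompatFlags (Join-Path $root $name)
            New-Object PSObject -Property @{
                Clsid   = $name
                Root    = $root
                Flags   = $flags
                # A missing key or value means the control is not blocked.
                Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

function Set-ActiveXKillBit([string[]]$Clsid) {
    # Needs an elevated session. ORs the bit in so existing flags survive.
    foreach ($id in $Clsid) {
        $name = '{' + $id.Trim('{}').ToUpper() + '}'
        foreach ($root in $Roots | Where-Object { Test-Path -LiteralPath $_ }) {
            $key = Join-Path $root $name
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
            $old = Get-CompatFlags $key
            if ($null -eq $old) { $old = 0 }
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord -Value ($old -bor $KillBit) -Force | Out-Null
        }
    }
}

# Placeholder CLSID (constructed); substitute the class IDs listed in the advisory.
Get-ActiveXKillBit '{00000000-0000-0000-0000-000000000000}' | Format-Table Clsid, Blocked, Flags, Root -AutoSize
```

Running the report again after a vendor workaround or patch has been applied shows whether every listed class ID is blocked in both registry views.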

  2. #2
    Charles_B Guest

    Default Re: Don't wait for Microsoft's patch: Secure Windows now

    Vincent Weafer, vice president of Symantec Security Response, said the flaw affects Windows XP users with Internet Explorer 6 or 7 installed, but that IE8 users are not vulnerable.

    http://voices.washingtonpost.com/sec...ss=securityfix


    The exploit doesn't work on IE8, and it also doesn't work on Vista, says Roel Schouwenberg, senior research analyst at Kaspersky Lab. So anyone running the latest Microsoft browser or Windows operating system is safe.

    http://lastwatchdog.com/gamers-corru...oft/#more-2099

  3. #3
    naivemelody Guest

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    "Users running IE6 or IE7 on Windows XP and Windows Server 2003 are vulnerable to the drive-bys attacks, Microsoft said. Vista and Server 2008 are not at risk, however, nor are people running IE8, Microsoft's newest browser."
    "Although Microsoft promised it would patch the bug, a company spokesman declined to say whether that patch would be ready by July 14, the next regularly-scheduled security update release day."
    "Awareness of this exploit in the security community is high and it's likely that anti-malware and IPS software will detect it. Many vendors are reporting that they block it already."

    Here are several articles:
    Click here > http://www.pcworld.com/article/16795...t_ie6_ie7.html
    and here > http://www.pcworld.com/article/16791...er_attack.html
    and here > http://blogs.pcmag.com/securitywatch...ts_windows.php

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    The exploit applies to these Windows operating systems.

    Or look at the list from SecurityFocus, or look at CVE-2008-0015, which is still under review and will probably be updated later.

    It does seem to be rated according to operating systems and not the MS browser levels.

    Oldsod.

    Message Edited by Oldsod on 07-07-2009 10:08 PM
    Best regards.
    oldsod

  5. #5
    Charles_B Guest

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    Attack involves two gaping security holes in the video Active X component of the Internet Explorer browser, flaws for which no patches yet exist.


    This is the one they are talking about.

    Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution

    http://support.microsoft.com/kb/972890


    Windows Installer Package Microsoft Fix it 50287.msi 645 KB


    The other being the following :

    Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution

    http://support.microsoft.com/kb/971778

    Windows Installer Package EnableAdvisory971778.msi 113 KB


    Have a Nice Day

    Message Edited by Charles_B on 07-08-2009 01:19 AM

  6. #6
    raideron Guest

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    Hi,
    Just wanted to say I still view topics here because of all the great info/help from the people here... Great help guys and gals...
    Ron

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    Yes and in the advisory for the discussed exploit...

    http://www.microsoft.com/technet/sec...ry/972890.mspx

    it is not browser dependent, but operating system dependent (see under the 'Overview' of that MS advisory for operating system details).

    Yes IE 8 is more secure than either IE 6 or 7, but the IE 8 in Vista differs much in terms of security from the IE8 found in the XP operating system.
    IE 8 in Vista is more secure than the IE8 seen in the Windows XP.
    And I think this is the reason as to why Microsoft often specifies exploits according to the operating system and not by the browser versions.
    (really using either IE 6 or 7 is a serious security hole no matter how it is looked at, and this is the main reason why I updated immediately when IE 8 became available as a final release, but I still use XP and seldom use the IE browser.)

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack


    Raideron wrote:
    "Hi,
    Just wanted to say I still view topics here because of all the great info/help from the people here... Great help guys and gals...
    Ron"


    Yes Nice of you to drop by, Mr. Norton. (LOL)

    Long time no see!
    How are you doing?
    Best regards.
    Oldsod.
    Best regards.
    oldsod

  9. #9
    Charles_B Guest

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    Thanks Oldsod for info. Only time I use IE 8 is for Windows Updates and do it from Security Center. Have Updates turned off. Do them manually a week after Patch Tuesday. Just in case any issues.

    You notice in my thread the file size for both workarounds. Just in case. XP user.

    Have a nice Day

    Message Edited by Charles_B on 07-08-2009 02:34 PM

  10. #10
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zero-day ActiveX Hole in Windows XP Under Attack

    The extra given work-around is much appreciated.
    I am very glad you entered the thread and asked and set things straight.

    Another reason why Microsoft specifies operating systems and not the exact browser version (according to the issue) is due to the fact MS makes money selling the newer operating systems. They do not make any money from the updates/patches.

    Yes Vista has this exploit covered/or patched by design....regardless if the limited privilege user account is used or not used and instead the admin privilege account is used.
    But by the same token they previously knew about this exploit in XP and ignored it until now - MS want people to buy Vista and of course Windows 7 when it comes out. They did fix this exploit from the very beginning in the Vista operating system. And ignored it in XP.
    It is one of the ways to convince people to 'be safer' by always getting the latest operating system.

    In all fairness, MS does from time to time remind people to use a limited user account (especially for XP users and other applicable MS systems) to avoid these unknown risks and security holes. They do factually inform that almost all unknown exploits can be bested just by using a limited user account on an unpatched XP.
    A limited privilege user account would probably stop exploits such as this one that is being discussed at the present.
    Yet at the same time many XP users still use the full privilege admin accounts as the default account.


    I do the same as you handle things (although I have the security center off along with auto updates) and do manual Windows updates a week or so after they are released. I do the very same for many other non-MS software - just to be on the safe side - and wait a week or two before updating, even Adobe or Java or Flash for example. The other software developers do also make mistakes from time to time too.
    I too seldom use the IE 8 for anything other than going to MS sites, but on the other hand my IE8 is fairly well locked down to be actually safely useable for daily browsing usage.

    Best regards, as always.
    Oldsod.

    Message Edited by Oldsod on 07-08-2009 06:15 PM
    Best regards.
    oldsod
