Microsoft warns of new critical Windows zero-day flaw, hackers exploiting flaw in live attacks

“Microsoft has released a security advisory with workarounds for a critical zero-day vulnerability affecting Windows users and warned that malicious hackers are already exploiting the flaw in live attacks,” Ryan Naraine reports for eWeek.

“The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and is rated “extremely critical” by security alerts aggregator Secunia, in Copenhagen, Denmark,” Naraine reports. “Affected software includes Windows 2000 (including Service Pack 4), Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1.”

“According to an alert from IBM’s ISS X-Force, hackers are already using the Internet Explorer browser as an attack vector. ‘These exploits target Internet Explorer through a vulnerable ActiveX control. Successful exploitation of this vulnerability may result in remote code execution,’ the Atlanta-based company said,” Naraine reports. “All supported versions of Internet Explorer are vulnerable, including the newly released IE 7.”

“Microsoft confirms the flaw could use IE to trigger code execution attacks and warned that banner advertisements and other methods of distributing Web content could also be dangerous,” Naraine reports. “It is the second major zero-day confirmed by Microsoft during the past week. On Nov. 1, the company issued a warning for an ‘extremely critical’ vulnerability in Microsoft Visual Studio 2005 that could put users at risk of remote code execution attacks.”

Full article here.

MacDailyNews Take: Live attacks? What’re those? We’d much rather do the Macarena than use Windows and Internet Explorer. In fact, we’d rather do just about anything than use Windows and Internet Explorer. If you use garbage software, don’t be surprised when your data get trashed. Can you imagine that, right now, at this very instant, smiling Joe and Jane Six Packs are blissfully exiting Best Buys and Wal-Marts with their new Windows PCs? It never ceases to amaze us.

Related MacDailyNews articles:
Class-action suit accuses Microsoft of overcharging for Windows, causing damage with IE insecurity – November 07, 2006
‘Macarena’ malware does not exploit Mac OS X bug – November 06, 2006
‘Macarena’ code shows author’s frustration at trying to make effective Mac OS X virus – November 06, 2006
Ars Technica: ‘New Mac ‘virus’ is proof of concept that hysteria sells anti-virus software’ – November 05, 2006
Symantec details ‘Macarena’ Mac OS X ‘proof-of-concept virus’ – November 03, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Symantec CEO: We think more people ought to buy Apple Macs – May 15, 2006
McAfee: Microsoft ‘taking security risks’ with long-delayed, oft-pared-down Windows Vista – October 02, 2006
Why is Apple’s Mac OS X so much more secure than Microsoft’s Windows? – October 01, 2006
Apple Macs are far more secure than Windows PCs – September 26, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Oxymoron: Microsoft security – August 12, 2006
With exploits in wild, Microsoft Windows braces for yet another critical worm attack – August 11, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple Macs and viruses: Fact vs. FUD – May 26, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005

33 Comments

  1. Yep, and their number is growing because MSoft owns this business and Apple has failed to fulfill promises about how their stuff ‘just works’.

    Vista will launch a new round of consumer frenzy to Get a PC!

    Apple’s share remains in single digits – except, of course, for thier iPod toys.

  2. Once again, ladies and gentlemen of the MDN site, my apologies for my son’s impudence and rudeness. In addition to his single testicle, his “johnson” is not even a single digit long, hence the animosity he frequently shows you good folks.

    His problem is one of transference, of course, lamenting his lack of “manly prowess” and thence confusing it with Apple’s growing market share.

    Would that anything in HIS world would grow!

  3. Peterson, you really ARE the oddest person I’ve ever come across. Are you a masochist or something? Do you flagellate yourself with ethernet cables, and humiliate yourself by debating with yourself and losing on both sides?

    Just curious.

    ” width=”19″ height=”19″ alt=”wink” style=”border:0;” /> (it’s OK, your secret will be safe with us)

  4. According to Bill Gates the problem with Windows isn’t that Windows is inherently insecure, the security problem with Windows is because there aren’t enough talented IT specialists that can patch PCs fast enough.

    Patch me now!

    You see, not only are there too few IT geeks there’s not enough smart IT geeks, Apparently, all the smart ones use Macs now.

  5. This is simple:

    I just want my Macs and Apple’s software to work as well as Steve Job claims.

    I don’t want to have to deal with crashes, freezes, unexpected shut downs, slow-slow-slow performance, and similar annoyances when I am running expensive hardware loaded with pristine software made by the hardware maker – Apple

    I don’t want to have to rebuild permissions, trash preference files, restart, reinstall, run all kinds of maintenance scripts, and call Apple Care to get things to work the way Steve claims it works. Often, poor Apple Care tecks haven’t a clue of how to cure, for example, constant crashes when adding a simple Apple made transition to an Apple made iMovie.

    Since I use both OSes (my employer won’t even let me log my PowerBook onto their wireless network) and, while Mac stuff is better it is NOT a lot better and DOES NOT work as Steve claims.

    I think we ought to hold him to his promises but that’s never going to happen with a bunch of sophomoric, foul-mouth, foolish, blind, and stupid fanatics that make up the Mac main stream customer base.

    Steve loves you because you add to his enormous wealth. He is the modern day P. T. Barnum and you are willing lemmings proving the fact that new ones are being born every minute.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.