Microsoft warns of new critical Windows zero-day flaw, hackers exploiting flaw in live attacks

“Microsoft has released a security advisory with workarounds for a critical zero-day vulnerability affecting Windows users and warned that malicious hackers are already exploiting the flaw in live attacks,” Ryan Naraine reports for eWeek.

“The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and is rated ‘extremely critical’ by security alerts aggregator Secunia, in Copenhagen, Denmark,” Naraine reports. “Affected software includes Windows 2000 (including Service Pack 4), Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1.”

“According to an alert from IBM’s ISS X-Force, hackers are already using the Internet Explorer browser as an attack vector. ‘These exploits target Internet Explorer through a vulnerable ActiveX control. Successful exploitation of this vulnerability may result in remote code execution,’ the Atlanta-based company said,” Naraine reports. “All supported versions of Internet Explorer are vulnerable, including the newly released IE 7.”

“Microsoft confirms the flaw could use IE to trigger code execution attacks and warned that banner advertisements and other methods of distributing Web content could also be dangerous,” Naraine reports. “It is the second major zero-day confirmed by Microsoft during the past week. On Nov. 1, the company issued a warning for an ‘extremely critical’ vulnerability in Microsoft Visual Studio 2005 that could put users at risk of remote code execution attacks.”

Full article here.

MacDailyNews Take: Live attacks? What’re those? We’d much rather do the Macarena than use Windows and Internet Explorer. In fact, we’d rather do just about anything than use Windows and Internet Explorer. If you use garbage software, don’t be surprised when your data get trashed. Can you imagine that, right now, at this very instant, smiling Joe and Jane Six Packs are blissfully exiting Best Buys and Wal-Marts with their new Windows PCs? It never ceases to amaze us.

33 Comments

  1. Yep, and their number is growing because MSoft owns this business and Apple has failed to fulfill promises about how their stuff ‘just works’.

    Vista will launch a new round of consumer frenzy to Get a PC!

    Apple’s share remains in single digits – except, of course, for thier iPod toys.

  2. Once again, ladies and gentlemen of the MDN site, my apologies for my son’s impudence and rudeness. In addition to his single testicle, his “johnson” is not even a single digit long, hence the animosity he frequently shows you good folks.

    His problem is one of transference, of course, lamenting his lack of “manly prowess” and thence confusing it with Apple’s growing market share.

    Would that anything in HIS world would grow!

  3. Peterson, you really ARE the oddest person I’ve ever come across. Are you a masochist or something? Do you flagellate yourself with ethernet cables, and humiliate yourself by debating with yourself and losing on both sides?

    Just curious.

    ;) (it’s OK, your secret will be safe with us)

  4. According to Bill Gates the problem with Windows isn’t that Windows is inherently insecure, the security problem with Windows is because there aren’t enough talented IT specialists that can patch PCs fast enough.

    Patch me now!

    You see, not only are there too few IT geeks, there’s not enough smart IT geeks. Apparently, all the smart ones use Macs now.

  5. This is simple:

    I just want my Macs and Apple’s software to work as well as Steve Jobs claims.

    I don’t want to have to deal with crashes, freezes, unexpected shut downs, slow-slow-slow performance, and similar annoyances when I am running expensive hardware loaded with pristine software made by the hardware maker – Apple

    I don’t want to have to rebuild permissions, trash preference files, restart, reinstall, run all kinds of maintenance scripts, and call Apple Care to get things to work the way Steve claims it works. Often, poor Apple Care techs haven’t a clue of how to cure, for example, constant crashes when adding a simple Apple made transition to an Apple made iMovie.

    Since I use both OSes (my employer won’t even let me log my PowerBook onto their wireless network) and, while Mac stuff is better it is NOT a lot better and DOES NOT work as Steve claims.

    I think we ought to hold him to his promises but that’s never going to happen with a bunch of sophomoric, foul-mouth, foolish, blind, and stupid fanatics that make up the Mac main stream customer base.

    Steve loves you because you add to his enormous wealth. He is the modern day P. T. Barnum and you are willing lemmings proving the fact that new ones are being born every minute.

  6. Petey, get your ass in here, boy! I’ve had enough of this sh-t!!

    Now’n, tell me how in the hell do you spell “their”, son!

    I swear, you’ve got about as much sense as your inbred cousins.

    Now quit it, or you know what’ll happen — unless you want another ride tonight on the one-eyed turgid wonder snake, I’d strongly suggest ya stay’s off the interwebs.

    Now where’s yer little sister? . . .

  7. Uh, Peterson, just state your problem with your Mac in specific terms and the people on this site will be happy to help troubleshoot. None of this vague “freezes and crashes” stuff – be more specific! You are either exaggerating or the world’s most unlucky person.

  8. Peterson – why don’t you put your old PowerBook on eBay, sell it, then go back to Windows where everything just works the way you expect it to. You’re gonna blow a gasket if you keep on like this.

    (Extra benefit – all those zero-day exploits will work too, far better than they do on your PowerBook.)

  9. Absolutely, Steve should be held to his promises. Of course, that standard should be applied to Microsoft as well, right?

    And, the consumer’s leverage is to go buy the alternative, and Peterson should just go ahead and do that and see where that leads him. Unfortunately, Peterson is the type of fella that is still complaining to his parents that they promised him that the Tooth Fairy was real, and so was Santy Clause. He wants his money back.

  10. Peterson: You aren’t Maxximo from the olden days on Apple forums, are you? You make my skin crawl in the *exact* same way.

    If you had any brains at all you could get onto that wireless network with your Mac. Maybe you just don’t know how to work Macs at all. Maybe that’s it.
    Otherwise you wouldn’t be having so many problems.
    I mean, I’ve never had to call an Apple tech…
    But then, I’m probably a lot smarter than you.

    Even when I’m drunk. And unconscious.

    So, why not detail some of your horrible problems for us so we can get to the bottom of this? You make a lot of vague accusations, but I haven’t seen anything specific.

    Maybe you’re just an idiot.
    It’s a possibility I’ve been tossing around.

    -c

    MW: ‘love’ (the sinner, hate the stupid sh|t that comes out of his mouth)

  11. We should simply feel pity for poor Peterson. I’m sure he has a lot of problems operating other complex hardware such as microwave ovens and toasters. And I would imagine there are a lot of things his employer (probably a relative – family takes care of its own – even the ‘tards) doesn’t allow him to do. Those electric pencil sharpeners can really be dangerous.

  12. Peterson:

    “I just want my Macs and Apple’s software to work as well as Steve Jobs claims.”

    So you would rather (based on previous posts) use a POS that no one claims is a pot of gold, than use something better?

    “I don’t want to have to deal with crashes, freezes, unexpected shut downs, slow-slow-slow performance, and similar annoyances…”

    Oh, so you really would prefer a better experience. I don’t remember what configuration you are using, but I am using a 20″ iMac PowerPC G5 (the last one made) and I have experienced exactly one problem requiring a reboot this year. Slow is relative, but I certainly feel I get reasonable performance. Now, I do have applications that crash – in particular, I use a freeware HTML editor called Nvu which has a great crash frequency. But I guess you get what you pay for.

    …when I am running expensive hardware loaded with pristine software made by the hardware maker – Apple

    I think we get to the heart of your problem here. It’s that you expect that because Apple claims “it just works” – which you believe is synonymous with “it is perfect”.

    I got news for ya, buddy. It does “just work” – compared to anything else on the market. Most activities on Windows are much more complicated and prone to failure than on Macs. Linux is the antithesis of “it just works” – it’s more like “you do the work”! See what I mean here? Macs aren’t flawless (they are made and programmed by humans, after all), they are just better.

    I don’t want to have to rebuild permissions, trash preference files, restart, reinstall, run all kinds of maintenance scripts, and call Apple Care to get things to work the way Steve claims it works. Often, poor Apple Care techs haven’t a clue of how to cure, for example, constant crashes when adding a simple Apple made transition to an Apple made iMovie.

    Ok, two issues here.

    1) You don’t want to… blah blah. Nothing in MY experience of using my iMac (had it for almost exactly 1 year now) comes close. I don’t need to rebuild, trash, or reinstall anything. Never have. I’m sorry if you have experienced these things, but I’ve been around a lot of people using Macs in the last few years, and this is NOT the TYPICAL user experience. Again, I’m sorry if it happened to you.

    2) Apple techs – yes, again your mileage may vary. Apple tech support is like any other tech support, run by people hired to do a job. Sometimes they know, sometimes they don’t. Again, judging from Apple’s customer support scores in national surveys, your experience is not TYPICAL.

    Since I use both OSes (my employer won’t even let me log my PowerBook onto their wireless network) and, while Mac stuff is better it is NOT a lot better and DOES NOT work as Steve claims.

    Again, here you have set your personal experience to be the UNIVERSAL experience. In your opinion, Mac stuff is better, but not a LOT better, and you believe Steve promised you an experience akin to being in Nirvana while high on Ecstasy. Sorry, but “not a lot better” is subjective, and your fanciful beliefs are not necessarily reflective of everyone else’s reality.

    I think we ought to hold him to his promises but that’s never going to happen with a bunch of sophomoric, foul-mouth, foolish, blind, and stupid fanatics that make up the Mac main stream customer base.

    And here we get the insults. “Because you don’t believe exactly as I believe, you are stupid.” Sorry, Petey, I am neither sophomoric, foolish, blind, or a stupid fanatic. (I have to admit I do curse somewhat.) But I have had a completely different experience than you. That makes me different than you, not stupid.

    Good luck with your efforts though. I think you are dangerously close to tilting at windmills though. I mean, you come here regularly to bitch and moan about “Apple’s sliding quality” and “attitude” and “welcome to Average”. Honestly, I have used Macs for 15 years+, and I don’t think the quality of build has ever been better. I don’t think pricing has ever been better. I don’t think the software has ever been better. I see NOTHING whatever that substantially supports your theories.

    Neither do most people here, by their reactions to you.

    But if you want to complain about your treatment in the forum, perhaps consider what you do is akin to wading into a crowd of Yankee fans at Yankee Stadium during a playoff game and screaming “Yankees SUCK and you all are STUPID for supporting them!!”.

    You get pretty much the same results. And then act surprised? Or marvel that your arguments are gaining traction?

    Please. Rent a donkey and head for the hills, Don Quixote.

  13. Peterson,

    Please tell me you aren’t serious. I’ve been using Macs since 1999. If I add up the time spent on problems (running about 5 Macs any one time) I reckon in those years I’d be hard pushed to make it add up to 4 days worth.

    Now either you really are a troll and making all this up, or something else is very wrong. Either with you, or your Powerbook.

    My advice to you is: GET SOME HELP, QUICK!

  14. Sorry – “AREN’T” gaining traction.

    MDN, are we EVER going to get real user IDs and the ability to edit posts???

    I’ll even click on a banner for it. :P

  15. Yeah, I really find Active X to be the most amazing bugware feature EVER!

    I am continually amazed that people get FIRED UP over “net neutrality”, DRM, Trusted Computing, but regularly accept TOTAL BREACHES OF THEIR SECURITY through “features” like ActiveX. Where’s the anger? Where’s the outrage? (Not here, because I don’t use it.. :) )

    It’s not a bug, it’s a feature, right? You WANTED your PC to become a Spam Zombie.

  16. This is funny, you know why?

    Windoze camp is trying to tell mac guys about their one non-virus that has affected no one when

    There is a critical flaw in windows that allows for live attacks simply by clicking on a link from a web page

    LOL
    ROFLMAO

    You got to be kidding me.

    MDN Magic Word: “Believe” as in keep believing that Microsoft will make it all better with VISTA
