Microsoft warns of new critical Windows zero-day flaw, hackers exploiting flaw in live attacks

“Microsoft has released a security advisory with workarounds for a critical zero-day vulnerability affecting Windows users and warned that malicious hackers are already exploiting the flaw in live attacks,” Ryan Naraine reports for eWeek.

“The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and is rated ‘extremely critical’ by security alerts aggregator Secunia, in Copenhagen, Denmark,” Naraine reports. “Affected software includes Windows 2000 (including Service Pack 4), Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1.”

“According to an alert from IBM’s ISS X-Force, hackers are already using the Internet Explorer browser as an attack vector. ‘These exploits target Internet Explorer through a vulnerable ActiveX control. Successful exploitation of this vulnerability may result in remote code execution,’ the Atlanta-based company said,” Naraine reports. “All supported versions of Internet Explorer are vulnerable, including the newly released IE 7.”

“Microsoft confirms the flaw could use IE to trigger code execution attacks and warned that banner advertisements and other methods of distributing Web content could also be dangerous,” Naraine reports. “It is the second major zero-day confirmed by Microsoft during the past week. On Nov. 1, the company issued a warning for an ‘extremely critical’ vulnerability in Microsoft Visual Studio 2005 that could put users at risk of remote code execution attacks.”

Full article here.

MacDailyNews Take: Live attacks? What’re those? We’d much rather do the Macarena than use Windows and Internet Explorer. In fact, we’d rather do just about anything than use Windows and Internet Explorer. If you use garbage software, don’t be surprised when your data get trashed. Can you imagine that, right now, at this very instant, smiling Joe and Jane Six Packs are blissfully exiting Best Buys and Wal-Marts with their new Windows PCs? It never ceases to amaze us.


33 Comments

  1. “Vista will launch a new round of consumer frenzy to Get a PC!”

    @Peterson:
    And then in January, a new frenzy will take place. Angry consumers will storm the stores where they purchased their crappy Window$ PCs, and demand a refund. Why? Because Vi$ta will be exploited in 48 hours, and their SPAM and spyware will continue, when Mi¢ro$oft claimed their new service would keep them from getting infected, but failed to deliver on that promise.

    I foresee a huge class action suit in Mi¢ro$oft’s near future, sponsored by $ymantec and Ma¢afee. And I also see a rise in Apple market share as a direct result of the failure that will be Vi$ta.

  2. Look, for sure most people that plan on buying a new pc will go out and get one with VISTA and not buy a mac, which is fine for them.

    But I really doubt that this time around, unlike Win98 and Win XP, I doubt that we will see many people buying the software upgrade. The system requirements alone will put most people out of range.

    I got a PC tech buddy; what he can’t understand is why every new patch to Windows increases the requirements and increases the HD space but does not add any new features.

    That’s a question worth a real answer.
    ANSWER: Sloppy programming.

    Microsoft does make some good software, just not the OS

  3. Peterson’s take is what amazes me most. All these Apple bashers around, pretending to be Mac users and claiming “I use both: it is not much different” then a sequel of it crash, freezes, slow-slow, hangs, have to restart, reboot, reinstall, etc etc.

    I simply notice that the problems they pretend do exist on the Mac are exactly those that we all know DO EXIST on an average Windows PC. The issue there is the never dying problem with Windows users. They simply cannot believe that all those problems simply are almost non-existent on the Mac. See, I said *almost*, not fanatical. Also my Mac froze 2~3 times and a couple times I had to reboot. I also had with Panther once a kernel panic where the machine says “hold the power button for few seconds” while the screen becomes veiled and multi lingual warning message appears.

    Those things happen: they did to me, all 5~6 occasions since I started using Mac OS X in 2001. So it is not perfect, far from it. But it is the closest thing to perfection one can get.

    This is what Windows users (and Peterson) could not simply believe: that what they experience in a WEEK time it takes multiple YEARS for the average Mac users. When they get intimate with the Mac experience and actually TRY it long enough they migrate from non-believer to the staunchest Mac fanatics of all. I witnessed that at work: now the ones that scream and actually get angry when people bash Apple and Mac OS X are all ex-Windows users.

    To me they incarnate the “Fool me once shame on you, fool me twice… err, nope,… I mean, You CAN’T FOOL ME TWICE” — GW B

    Peterson, get real: from your posts the only possibilities are:

    A) You are a dishonest person, never worked with Mac OS X, totally frustrated with Windows and venting in here
    B) You are actually a Windows user and a Mac user but you do not understand how Mac works nor care to learn: you try to apply Windowness to your Mac and be too idiot to understand you screw it daily
    C) You are truly a Windows and Mac user but too idiot to make any of the two work decently
    D) You are unlucky with your Mac, you got a lemon, are too idiot to realize that and because you believe other Windows users you truly believe this is the normal experience one gets from the Mac, thence all Mac users must be conspiring with Steve Jobs and tens of millions of people do actually lie and lie all together
    E) All above with various mix with the addition that you are truly an idiot, thence what best could you do?
