HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 40 guests online
 
Advertisement

You are here: Home arrow Resourcesarrow News from the Outside Worldarrow MS warns of Serious Security Hole
EH-Net
May 21, 2013, 05:09:32 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: MS warns of Serious Security Hole  (Read 4624 times)
0 Members and 1 Guest are viewing this topic.
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« on: July 07, 2009, 09:18:10 AM »
Article - Microsoft Warns of Serious Computer Security Hole

MS Advisory - 972890 (July 6)

Quote
Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.
Logged
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #1 on: July 07, 2009, 10:10:51 AM »
Oh boy, I can't wait to start cleaning up the mess left behind by this one Smiley
Logged
~~~~~~~~~~~~~~
Ketchup
dalepearson
Sr. Member
****
Offline Offline

Posts: 357


View Profile WWW
« Reply #2 on: July 07, 2009, 10:14:11 AM »
This could be like the PowerPoint one though, few months to wait Smiley
Logged
:: Subliminal Hacking :: / :: Security Active Blog ::
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« Reply #3 on: July 07, 2009, 11:31:33 AM »
Tin Foil Hat Alert!!!!

Seems like a great reason to upgrade to Vista and Server 2008, since they're not affected. And considering that a fix won't be available before the reported RTM for Windows 7 later this month, you might as well purchase that license now before supplies run out.

Hmmmmm?!?! Wink

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
former33t
Full Member
***
Offline Offline

Posts: 226


View Profile
« Reply #4 on: July 07, 2009, 12:17:04 PM »
I don't know if I'd upgrade to Vista now.  Didn't MS come out about two months ago and say to wait for Windows 7 if your corporate environment hasn't already started migrating?

I know it would keep you safe from this vulnerability, but for most environments, they'll still be integration testing custom apps and configurations under Vista when Windows 7 is released.
Logged
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
UNIX
Hero Member
*****
Offline Offline

Posts: 1235


View Profile
« Reply #5 on: July 08, 2009, 12:40:09 AM »
I guess the problem is not one for us but for all the people who don't learn computer basics and update their system regulary. I am pretty sure that quite a few people will fall for such websites.

Upgrading to Vista or Server 2008 may also not be considered for people as you usually have to pay for them. Also, as said by former33t, Windows 7 is coming and even Microsoft said, that companies should wait for it and not change to Vista anymore.

Let's see, how long it really takes, until a patch is available.
Logged
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #6 on: July 08, 2009, 12:55:56 AM »
just fyi:

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution

Disclosure:

http://www.rec-sec.com/2009/07/06/ms-directshow-msvidctl-exploit/

MSF exploit:

http://trac.metasploit.com/changeset/6750
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
former33t
Full Member
***
Offline Offline

Posts: 226


View Profile
« Reply #7 on: July 08, 2009, 07:41:53 PM »
Wow.  Metasploit has an exploit already?  That was quick...
Logged
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #8 on: July 08, 2009, 08:02:55 PM »
Good to see the metasploit guys are doing their part and already have the exploit out. I wonder if MS is shitting their pants right now over this one. I bet this one just became a few peoples favorites Wink I'm sure it's already being exploited out there in the wild right now by attackers - expect there to be an article in the yahoo news in a few days - a week?
Logged
eCPPT, GCIH, OSCP, OSWP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.