.

MS warns of Serious Security Hole

<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Jul 07, 2009 9:18 am

MS warns of Serious Security Hole

Article - Microsoft Warns of Serious Computer Security Hole

MS Advisory - 972890 (July 6)

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Jul 07, 2009 10:10 am

Re: MS warns of Serious Security Hole

Oh boy, I can't wait to start cleaning up the mess left behind by this one :)
~~~~~~~~~~~~~~
Ketchup
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Tue Jul 07, 2009 10:14 am

Re: MS warns of Serious Security Hole

This could be like the PowerPoint one though, few months to wait :)
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jul 07, 2009 11:31 am

Re: MS warns of Serious Security Hole

Tin Foil Hat Alert!!!!


Seems like a great reason to upgrade to Vista and Server 2008, since they're not affected. And considering that a fix won't be available before the reported RTM for Windows 7 later this month, you might as well purchase that license now before supplies run out.

Hmmmmm?!?! ;)

Don
CISSP, MCSE, CSTA, Security+ SME
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Jul 07, 2009 12:17 pm

Re: MS warns of Serious Security Hole

I don't know if I'd upgrade to Vista now.  Didn't MS come out about two months ago and say to wait for Windows 7 if your corporate environment hasn't already started migrating?

I know it would keep you safe from this vulnerability, but for most environments, they'll still be integration testing custom apps and configurations under Vista when Windows 7 is released.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jul 08, 2009 12:40 am

Re: MS warns of Serious Security Hole

I guess the problem is not one for us but for all the people who don't learn computer basics and update their system regulary. I am pretty sure that quite a few people will fall for such websites.

Upgrading to Vista or Server 2008 may also not be considered for people as you usually have to pay for them. Also, as said by former33t, Windows 7 is coming and even Microsoft said, that companies should wait for it and not change to Vista anymore.

Let's see, how long it really takes, until a patch is available.
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Wed Jul 08, 2009 12:55 am

Re: MS warns of Serious Security Hole

just fyi:

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution

Disclosure:

http://www.rec-sec.com/2009/07/06/ms-di ... l-exploit/

MSF exploit:

http://trac.metasploit.com/changeset/6750
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Wed Jul 08, 2009 7:41 pm

Re: MS warns of Serious Security Hole

Wow.  Metasploit has an exploit already?  That was quick...
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Jul 08, 2009 8:02 pm

Re: MS warns of Serious Security Hole

Good to see the metasploit guys are doing their part and already have the exploit out. I wonder if MS is shitting their pants right now over this one. I bet this one just became a few peoples favorites ;) I'm sure it's already being exploited out there in the wild right now by attackers - expect there to be an article in the yahoo news in a few days - a week?
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software