gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76620 Posts in 13450 Topics by 2077 Members - Latest Member: Kitkat May 16, 2021, 09:05:44 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Beware New Browser Exploit
gfx
gfxgfx
 

Author Topic: Beware New Browser Exploit  (Read 1178 times)

0 Members and 1 Guest are viewing this topic.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Beware New Browser Exploit
« on: December 15, 2008, 02:55:09 pm »
It seems the time of good cheer is a time for malware pedlars to launch their latest attack.

http://www.theregister.co.uk/2008/12/15/ie7_exploits/

Quote
Microsoft warned on Saturday that attacks targeting the vulnerability, which affects versions of its flagship browser on all supported versions of Windows, are becoming more widespread. The security bug first came to prominence a week ago, just before the latest edition of Microsoft's update cycle.
At first the flaw was exploited in targeted Trojan attacks but it's now become much more widespread. Crackers have planted exploit code on warez and smut sites and, in some cases, legitimate sites through the use of website vulnerabilities. A popular search engine in Taiwan is among the victims.

As a result an estimated one in 500 users worldwide have been exposed to the vulnerability, Microsoft estimates.


For more details read here

http://secunia.com/advisories/33089/

Quote
The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected.

Solution:
Do not browse untrusted websites or follow untrusted links.
The vendor recommends disabling the use of Oledb32.dll. Please see vendor advisory for additional information.

Merry Xmas folks and stay alert and healthy by keeping your systems antivirus solution updated, doing it "later" could be a costly mistake.





Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Beware New Browser Exploit
« Reply #1 on: December 16, 2008, 10:16:07 am »
if you have automatic updates turned on you already have downloaded, or been prompted to download, but may not have installed the fix.... or to put it another way... a fix is already available... use the online scanner at www.secunia.com to check your system.... (and the best fix of all... quit using IE)

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Beware New Browser Exploit
« Reply #2 on: December 16, 2008, 02:28:42 pm »
That seems to be the general concensus of opinion atm use another browser until this is resolved.

http://news.bbc.co.uk/1/hi/technology/7784908.stm

Quote
Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.


 :o 


Offline tig

  • Forum Member
  • WinMXWorld.com Help_AE182F4EBABE
Re: Beware New Browser Exploit
« Reply #3 on: December 16, 2008, 03:21:00 pm »
Just as well i never ask ie to save passwords and only use it if school discussion board goes funny on firefox.
People become really quite remarkable when they start thinking that they can do things. When they believe in themselves they have the first secret of success. BY Norman Vincent Peale

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Beware New Browser Exploit
« Reply #4 on: December 17, 2008, 05:26:51 am »
try opera if FF goes funny rather than resorting to IE... safer that way....

Offline Cobra

  • Forum Member
  • I'm not me.
Re: Beware New Browser Exploit
« Reply #5 on: December 17, 2008, 07:17:08 am »
Everything is safer without using IE (or Outlook).
Downloading is an addiction I do not want to give up.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Beware New Browser Exploit
« Reply #6 on: December 17, 2008, 10:45:13 am »
Emergency fix information for those needing it .

http://www.theregister.co.uk/2008/12/16/microsoft_ie_emergency_patch_warning_dec_16_2008/

Quote
The vulnerability is specifically targeted at surfers running IE 7, but it's also known to affect versions 5, 6, and 8 of the browser as well. All IE users are advised to install the update.

Microsoft's emergency patch will become available Wednesday at 1 PM EST from auto-update and the Microsoft Download Center. A separate patch will be made available for those running IE8 Beta 2. ®

Look here in approximately 10 hours from this post for the emergency fix.

http://go.microsoft.com/fwlink/?LinkId=21129


Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Beware New Browser Exploit
« Reply #7 on: December 17, 2008, 11:45:07 am »
the really bad part about all this is winmx makes use of IE (yes i know its just a tiny part but its still running)

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Beware New Browser Exploit
« Reply #8 on: December 18, 2008, 10:04:51 am »
It does not however face any of the problems of an exploit unless the location hosting the update bar is under the attackers control, the community patch actually removes this exploit by replacing the internet explorer window for a simple text window, you may have all noticed this change, such things have been thought about some time ago and acted upon  :-D

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Beware New Browser Exploit
« Reply #9 on: December 19, 2008, 02:57:27 am »
i thought the text on that window was still going through mshtml.dll (imma going to be nosy and run it in a debugger)

if its not then... damn... kudos eagle...

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Beware New Browser Exploit
« Reply #10 on: December 19, 2008, 03:07:18 am »
it doesnt use mshtml... in fact it doesnt use anything relating to the major workings of IE... it just uses the basics of a program that accesses the web... er... wow...

has some hellacious hiccups tho (winmx that is) but it is a beta version... to bad the MX never got 'finished' (out of beta)

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Beware New Browser Exploit
 

gfxgfx
gfx
©2005-2021 WinMXWorld.com. All Rights Reserved.
SMF 2.0.18 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.036 seconds with 24 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!