Two new pieces of computer code that could be used in cyberattacks on Windows users were posted on the Web on Wednesday and Thursday.
The exploit posted Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.
The attack code published Wednesday is another that exploits a flaw in the way Windows handles certain graphics files and could cause a vulnerable system to crash. Microsoft provided a patch for the flaw in November with security bulletin MS05-053 and warned that the vulnerability could create an opening for spyware and Trojan horse attacks.
"It is reasonable to assume as we have seen so much proof-of-concept code distributed for these vulnerabilities that we will eventually see some class of attack," said David Marcus, security research and communications manager at McAfee.
While availability of attack code could provide cybercriminals with ammunition, patches and security software should shield Windows users, said Steve Manzuik, security product manager at eEye Digital Security.
"I am sure some will try and use the exploits, but the reality is there are patches for these issues and almost every security vendor would have by now added signatures to protect against this stuff," Manzuik said.
Michael Sutton, director at security intelligence company iDefense, a part of VeriSign, agreed. "These vulnerabilities were patched, so fortunately clients have had weeks to patch," he said.
"That's the biggest threat out there, the Microsoft Internet Explorer vulnerability which has no patch," Manzuik said. "Currently there are exploits on the Web for this that are not that malicious, but it wouldn't be too hard for someone to take this and make it malicious."
Sutton also warned computer users to be on guard for exploitation of the unpatched bug. "The one to pay attention to is the vulnerability that remains unpatched. Microsoft has released an advisory for this but no patch yet," he said. Microsoft may issue a fix outside of its monthly patching cycle for this problem, Sutton said.
Microsoft's next monthly patch release is scheduled for Dec. 13.
I'm not going to stand here and defend one OS over another. I really don't care. I use WinXP, Panther, Ubuntu, and Fedora. They all have their issues. But, I have a cool solution for an outdated and not-cared-for internet browser. Use Firefox. www.firefox.com. I never use IE unless I do Windows Update. If it wasn't for that, and the fact that Microsoft has made it impossible to uninstall, IE would've been removed from my systems a very long time ago. Now, why is MS not addressing the IE issues is beyond me. And why haven't people switch to any of the many available browsers is the biggest question mark.
They need to fix every flaw including the small ones. Also, who released the exploit to the public? If its Microsoft, they are idiots. If its some other sites, I would quickly shut them down. Also, Microsoft should rethink its thinking. Remotely controlling a computer is a flaw but other flaws have to be fixed no matter what. Being able to install software without nothing popping up etc is a flaw. If you can get spyware etc easier in IE thats a flaw. Security is more important than any extra feature in the software or imporvement in the software.
If you run it under Linux! I run ie5.0 ~ ie6.0 under Linux to test web page rendering differences. IE even seems a pit peppier under Linux. Probably because of all the underlying Windows limitations are removed. Wine has really matured in the last couple of years.
"IE has no flaws-- if you run a Linux..." Well, there you go. We dont own/use anything Linux, dear people. Nor do my neighbours. Yet there is a new LAN "Linux" which has overthrown the gov't of my pc. Since I can't run the Linux myself I would imagine it's worked out swell for the Linux user with 600,000+ packets flying out my window and none coming in. Now that's peppier. And purely unwanted and unwarranted.
The company says that manufacturing facilities in Shenzhen and Chengdu, China, will be inspected by a group "dedicated to ending sweatshop conditions in factories worldwide."
A group calling itself Evil Shadow Team reportedly hacked into Microsoft's online store in India, stealing usernames and passwords of the site's customers.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
The space agency powers down its last System Z machine, years after IBM stopped selling them for the mathematical calculation jobs for which NASA originally bought them.
I never use IE unless I do Windows Update. If it wasn't for that, and the fact that Microsoft has made it impossible to uninstall, IE would've been removed from my systems a very long time ago.
Now, why is MS not addressing the IE issues is beyond me. And why haven't people switch to any of the many available browsers is the biggest question mark.
under Linux to test web page rendering differences.
IE even seems a pit peppier under Linux. Probably
because of all the underlying Windows limitations
are removed. Wine has really matured in the last
couple of years.
<a class="jive-link-external" href="http://www.winehq.com/" target="_newWindow">http://www.winehq.com/</a>
Next!