Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Audio & Video Business Center Cameras Cell Phones & PDAs Desktop PCs Gadgets Gaming HDTV Laptops Macs & iPods Monitors Printers Software Spyware & Security Storage Upgrading Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Today at PC World
Today @ PC World
News, opinion, and links from the PC World staff.
Recent entries in this blog:
Thursday, November 09, 2006 10:04 AM PT Posted by Erik Larkin

IE Zero-Day Attack

The online thugs are breaking into Windows via a new zero-day vulnerability in Windows XP, 2000 and Server 2003.

Zero-day loosely refers to an exploited hole which doesn't yet have a patch. This flaw is technically in a part of Windows called the XMLHTTP 4.0 ActiveX Control, but the attack is triggered when you view a poisoned Web page with Internet Explorer. IE calls up the ActiveX control to view the page, and the attacker nails the control with a buffer overflow. He can then download spyware, steal data, and generally have his way with your computer.

In its advisory, Microsoft doesn't list whether IE 7 users could be hit. But since the problem lies with part of Windows, and IE just acts as a pass-through for the attack, it's likely that IE 7 is affected as well. Though you might get a pop-up to authorize using the ActiveX control that you don't get with IE 6.

Security company Secunia rates this extremely critical, its strongest warning. HTML e-mails could also carry the attack, but in its advisory, Microsoft says that most Outlook versions should already be protected.

To protect IE, the Microsoft advisory lists a number of workarounds that disable the ActiveX control and/or Active Scripting, but also warns that using them could stop many pages from working or result in a bunch of annoying pop-ups asking for your ok. Or you could switch to an alternate browser like Firefox or Opera until Microsoft releases a patch.

Comments

Is there anything stable that Microsoft can create?

johnybbad
November 14, 2006
6:36 PM PT

Is there anything stable that Microsoft or Windows can create?

johnybbad
November 14, 2006
6:36 PM PT
Post a comment Post a comment
Recent Posts
More Bad News for Blu-Ray
McCain Pushes Fair Use on YouTube
Firefox Update Enters Beta
Googling Is Good For Your Brain
Apple vs. the Economy: Can the New Macs Really Sell?
Motorola, Verizon Deliver ZN4 Touch-Screen: Krave
Pimp Your Flip Mino with Customizable Designs
Archives
View posts from:
 

PC World's Marketplace

PC World's Free Whitepapers

QUICK LINKS: cheap laptops cell phones laser printers HDTV reviews LCD TV Plasmas digital cameras laptop reviews security antivirus windows vista reviews digital camera reviews inexpensive desktop LCD wide screen monitors
tech news tech blogs community & forums laptop prices software reviews downloads
About UsContact UsAdvertiseASME GuidelinesNewslettersFAQIDG InternationalMagazine Customer Service
© 1998-2008, PC World Communications, Inc.Terms of Service AgreementPrivacy PolicyCommunity Standards
RSS FeedsXML

Visit other IDG sites: