Another security flaw is discovered in Internet Explorer
July 9, 2009
In the last few days, over 1,060 Web sites have reportedly been hit by some rapidly-moving exploit code that installs some nasty malware on visitors' PCs by targeting a previously unknown vulnerability in certain versions of Internet Explorer (IE).
The affected sites link to servers that exploit a zero-day vulnerability in an IE component that processes specific media. The security vulnerability affects those using Windows XP and Windows Server 2003, Microsoft said in an advisory bulletin.
"A potential attacker who successfully exploited this security hole could gain the same user rights as the local user," Microsoft security representatives wrote. "When using Internet Explorer, code execution is remote and may not require any user intervention."
In all a little over 1,060 websites have been compromized. They include links that redirect users to sites that exploit the security flaw, according to CSIS. The warning also said Windows 2000 was also vulnerable to the attacks, contrary to Microsoft's write-up, which explicitly said 2000 wasn't affected. Thus, that statement wasn't accurate.
The compromized Web sites are in fact largely located in China and are operated by local schools and various community centers. They point to a series of links that ultimately redirect users to a server at 8oy4t.8.866.org, according to CSIS.
The website includes a JPG file that exploits a variety of security vulnerabilities, "including an unprecedented stack overflow in DirectShow MPEG2 Tune Request," according to CSIS. Secunia rates the vulnerability "extremely critical," the highest rating on its five-tier severity scale.
What is strange is that IE 7 on Vista isn't vulnerable, presumably because Active-X objects are blocked by default by the OS, according McAfee researcher Haowei Ren.
Other security flaws that can be exploited are known as XML-http.d, RealPlay.a, BBar, and the MS-06-014 KN, according to McAfee.
Microsoft's advisory offers a workaround users can take to safeguard their computers against the vulnerability until a security patch is released, hopefully next "Patch Tuesday".
It involves making changes to the Windows registry, a risky undertaking for those who aren't sure what they're doing. As has been pointed out in comments to this article, Microsoft's advisory provides a safer and automatic way to do this.
The much easier fix is to stop using IE altogether until there's a permanent solution, at least for those who don't use apps that are dependent on the Microsoft browser.
The new security hole in Direct-Show is different than a Direct-Show security flaw Microsoft warned of on June 8, a Microsoft spokesman said.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing