
Another security flaw is discovered in Internet Explorer


July 9, 2009

In the last few days, over 1,060 Web sites have reportedly been hit by fast-moving exploit code that installs malware on visitors' PCs by targeting a previously unknown vulnerability in certain versions of Internet Explorer (IE).

The affected sites link to servers that exploit a zero-day vulnerability in an IE component that processes specific media. The security vulnerability affects those using Windows XP and Windows Server 2003, Microsoft said in an advisory bulletin.

"A potential attacker who successfully exploited this security hole could gain the same user rights as the local user," Microsoft security representatives wrote. "When using Internet Explorer, code execution is remote and may not require any user intervention."

In all, a little over 1,060 websites have been compromised. They include links that redirect users to sites that exploit the security flaw, according to CSIS. The warning also said Windows 2000 was vulnerable to the attacks, contrary to Microsoft's write-up, which explicitly said 2000 wasn't affected. Thus, that statement wasn't accurate.

The compromised Web sites are largely located in China and are operated by local schools and various community centers. They point to a series of links that ultimately redirect users to a server at, according to CSIS.

The website includes a JPG file that exploits a variety of security vulnerabilities, "including an unprecedented stack overflow in DirectShow MPEG2 Tune Request," according to CSIS. Secunia rates the vulnerability "extremely critical," the highest rating on its five-tier severity scale.

What is strange is that IE 7 on Vista isn't vulnerable, presumably because ActiveX objects are blocked by default by the OS, according to McAfee researcher Haowei Ren.

Other security flaws that can be exploited are known as XML-http.d, RealPlay.a, BBar, and the MS-06-014 KN, according to McAfee.

Microsoft's advisory offers a workaround users can take to safeguard their computers against the vulnerability until a security patch is released, hopefully next "Patch Tuesday".

It involves making changes to the Windows registry, a risky undertaking for those who aren't sure what they're doing. As has been pointed out in comments to this article, Microsoft's advisory provides a safer and automatic way to do this.

The much easier fix is to stop using IE altogether until there's a permanent solution, at least for those who don't use apps that are dependent on the Microsoft browser.

The new security hole in DirectShow is different from a DirectShow security flaw Microsoft warned of on June 8, a Microsoft spokesman said.


Source: CSIS.
