More Windows Vulnerabilities Noted
[Update: Miss M kindly shares these links and additional information about this not so lovely vulnerability: The same fix, two places to find it, and pleas to install the "unofficial fix" it could be a week till MS comes up with one (can you say "Patch Tuesday") Internet Storm Center - Cooperative Cyber http://isc.sans.org/diary.php or Security Now! Notes for Episode #20 http://grc.com/sn/notes-020.htm - thank you, MissM!]
From the Chicago Trib, and these aren't limited to Internet Explorer this time:
Users can infect their computers by visiting certain Web sites that are able to exploit some Windows-based applications, Internet security company Panda Software said Friday. It called the discovery "one of the most serious vulnerabilities recently detected."If this behaves anything like the worm I was attacked with at Thanksgiving, God help us. That was the worst mess I'd ever seen, and I've done this kind of work professionally for a very long time without coming across anything that wreaked that much havoc.
The flaw to the world's most popular software leaves PCs open to adware and spyware as well as Trojans that can hide damaging programs. Internet Explorer, Outlook and the Windows Picture and Fax viewer are used to insert the potentially harmful code, said Patrick Hinojosa, chief technology officer of Panda."
Because this exploits particular programs on Windows, rather than Windows itself, your machine can get infected simply by visiting a Web site that's set up to exploit the flaw," he said.
|