Zero-day exploits revealed following Patch Tuesday

Most Popular

Downloads & Drivers

Downloads

Drivers

Zortam Mp3 Media Studio 9.40

Xplorer2 Lite 1.7.2.7

DVD Flick 1.3.0.7

McFunSoft Audio Editor 6.7.13.7

FileZilla 3.2.6.1

More Downloads

TS Community

User Gallery

Recent Discussion

big window by bigspud200	home punisher! by GlobalKoopa
Windows Vista desktop wallpaper by Julio	Funny sign by A_DOG73

More at the Forum

Newsletter

Our Feeds

IT Security

Zero-day exploits revealed following Patch Tuesday

By Jose Vilches, TechSpot.com
Published: December 10, 2008, 4:30 PM EST

Microsoft delivered its biggest patch release in five years yesterday, but this has been overshadowed by a newly discovered zero day hole in Internet Explorer that went unpatched. The exploit, first seen in China and other parts of Asia, targets Internet Explorer 7 on Windows XP and 2003 using malformed XML tags to take control of the system.

Specifically, the exploit creates an XML tag, waits 6 seconds in an attempt to thwart antivirus engines, then crashes the browser and runs malicious code when it is restarted. According to Symantec, the attack still requires some JavaScript in order to achieve code execution, so blocking JavaScript for un-trusted websites could help mitigate the risk.

Additionally, the zero day exploit has been joined by another one involving a memory problem in Microsoft SQL Server 2000 and a third vulnerability that appears to affect the WordPad Text Converter for Word 97. Microsoft says it is investigating the matter.

Related Stories

TechSpot - PC Technology News and Analysis

Most Popular

Downloads & Drivers

TS Community

Subscribe

IT Security

Zero-day exploits revealed following Patch Tuesday

Featured Tech Content - Inside TechSpot