also @ TechSpot: Google to launch Twitter-like service for Gmail

Most Popular

Top Stories Commented  Featured 

ATI Radeon HD 5570 Review  featured

TechSpot's PC Buying Guide: Always up to date!  featured

Windows 7 overtakes Vista among enthusiasts, plus other interesting trends

Microsoft rumored to showcase Windows Mobile 7 next week with Zune-like interface

IBM launches next generation Power 7 CPU, servers

AMD's six-core Thuban to have feature like Turbo Boost?

Google to launch Twitter-like service for Gmail

Intel unveils Itanium 9300 series enterprise processors

More Top Stories

Downloads & Drivers

Downloads   Drivers  

Super Utilities Professional 9.8.8

Blaze Media Pro 9.10

F-Secure Internet Security 2010 10.12

IncrediMail 6.0.4 Build 4480

Cobian Backup 10.0.0.244 Beta

More Downloads

TS Community

Recent Discussion   User Gallery  

Problem with formating new hard drive ?

Will Radeon 5870 run with a 580W PSU?

Motherboard SLI/Crossfire support

Suggestions On A New Laptop

No bootable devices

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

IT Security

Zero-day exploits revealed following Patch Tuesday

By Jose Vilches, TechSpot.com
Published: December 10, 2008, 4:30 PM EST
Microsoft delivered its biggest patch release in five years yesterday, but this has been overshadowed by a newly discovered zero day hole in Internet Explorer that went unpatched. The exploit, first seen in China and other parts of Asia, targets Internet Explorer 7 on Windows XP and 2003 using malformed XML tags to take control of the system.

Specifically, the exploit creates an XML tag, waits 6 seconds in an attempt to thwart antivirus engines, then crashes the browser and runs malicious code when it is restarted. According to Symantec, the attack still requires some JavaScript in order to achieve code execution, so blocking JavaScript for un-trusted websites could help mitigate the risk.

Additionally, the zero day exploit has been joined by another one involving a memory problem in Microsoft SQL Server 2000 and a third vulnerability that appears to affect the WordPad Text Converter for Word 97. Microsoft says it is investigating the matter.

Related Stories

Post a comment
RSS