Most Popular
| Top Stories | Commented | Featured |
TechSpot Blog: Disable Windows automatic check for solutions after a program crashes featured
Weekend Open Forum: Google Chrome OS and the future of cloud computing featured
Tech Tip of the Week: Unearth Region-Specific Windows 7 Themes featured
Sony: PlayStation 3 to be 3D-capable via firmware update
Radeon HD 5970 supplies dry up quick, not a big surprise
Xbox Live bans prompt class action lawsuit
Mozilla reveals 2008 revenue, rumors say Firefox coming to PS3
TechSpot RSSIT Security
Zero-day exploits revealed following Patch Tuesday
Microsoft delivered its biggest patch release in five years yesterday, but this has been overshadowed by a newly discovered zero day hole in Internet Explorer that went unpatched. The exploit, first seen in China and other parts of Asia, targets Internet Explorer 7 on Windows XP and 2003 using malformed XML tags to take control of the system.
Specifically, the exploit creates an XML tag, waits 6 seconds in an attempt to thwart antivirus engines, then crashes the browser and runs malicious code when it is restarted. According to Symantec, the attack still requires some JavaScript in order to achieve code execution, so blocking JavaScript for un-trusted websites could help mitigate the risk.
Additionally, the zero day exploit has been joined by another one involving a memory problem in Microsoft SQL Server 2000 and a third vulnerability that appears to affect the WordPad Text Converter for Word 97. Microsoft says it is investigating the matter.
Specifically, the exploit creates an XML tag, waits 6 seconds in an attempt to thwart antivirus engines, then crashes the browser and runs malicious code when it is restarted. According to Symantec, the attack still requires some JavaScript in order to achieve code execution, so blocking JavaScript for un-trusted websites could help mitigate the risk.
Additionally, the zero day exploit has been joined by another one involving a memory problem in Microsoft SQL Server 2000 and a third vulnerability that appears to affect the WordPad Text Converter for Word 97. Microsoft says it is investigating the matter.
Related Stories
