Zero-day exploits revealed following Patch Tuesday

December 10, 2008, 4:30 PM
Microsoft delivered its biggest patch release in five years yesterday, but this has been overshadowed by a newly discovered zero-day hole in Internet Explorer that went unpatched. The exploit, first seen in China and other parts of Asia, targets Internet Explorer 7 on Windows XP and 2003, using malformed XML tags to take control of the system.

Specifically, the exploit creates an XML tag, waits 6 seconds in an attempt to thwart antivirus engines, then crashes the browser and runs malicious code when it is restarted. According to Symantec, the attack still requires some JavaScript in order to achieve code execution, so blocking JavaScript for untrusted websites could help mitigate the risk.

Additionally, the zero-day exploit has been joined by another one involving a memory problem in Microsoft SQL Server 2000 and a third vulnerability that appears to affect the WordPad Text Converter for Word 97. Microsoft says it is investigating the matter.



