• Two 0days on the loose

    Posted on December 11, 2008 at 22:09 CST by Comment in the Forums

    Susan Bradley’s column in the latest issue of Windows Secrets Newsletter talks about two new 0day attacks on Microsoft products.

    First, the WordPad virus. No, I don’t make this up. Microsoft discusses the problem in its Security Advisory 960906. If you’re running Windows XP Service Pack 2, you may be at risk, if you open documents with WordPad. Vista and XP SP3 customers are safe.

    Gad.

    The other one is much more serious, for those of you who insist on using Internet Explorer. It seems that there’s a hole in the way IE interprets XML files. It’s so bad that you can get infected by simply going to a jiggered site. (Remember that some attacks latch on to well-known sites by rolling themselves into advertisements.) No click necessary.

    Microsoft has issued an advisory on the hole:

    Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

    SANS Internet Storm Center is keeping track of the latest. It’s nasty, and most antivirus products don’t catch it yet.

    The solution? Use Firefox, of course. Sheesh.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.