
Well, Microsoft did it again; they ignored a researcher’s warning, leaving them in hurry-up mode, trying to fix an Internet Explorer exploit that’s gone zero-day.
If you didn’t catch Minneapolis Tech Innovations Examiner Aleksandra Denisova’s article “Windows XP and Server 2003 users beware: Microsoft vulnerability leaves you open for an attack,” you need to read it, as Aleksandra details how to temporarily fix this issue.
A year ago
You may wonder why I’m rehashing this vulnerability. That’s a valid question. In explanation, I thought everyone would like to know that once again Microsoft has chosen to disregard warnings by well-known security research teams. This vulnerability was reported a year ago and I submit CVE-2008-0015 as proof that Microsoft acknowledged the bug in 2008.
Déjà vu
I say “once again” as this same scenario happened not that long ago with a different vulnerability that was exploited by the Conficker worm. Microsoft eventually released an out-of-sequence patch for it. Even so, the bad guys have had little trouble creating a botnet consisting of millions of Conficker-infected computers that are sending billions of spam e-mail messages out each day.
I chronicled that effort in several articles; here are two of them: “MS08-067: Not updating has created a monster botnet” and “Conficker.C: April Fools or maybe not.”
Final thoughts
The security analysts who raised the alarm about the new ActiveX vulnerability are more concerned about this zero-day exploit than about Conficker. They feel it has the potential to outperform Conficker, which is not a good thing. I guess only time will tell. Hopefully, Microsoft will have a permanent fix ready for next Tuesday (13 Jul 2009), which is their regularly scheduled patch day.
For information about other Microsoft issues, please refer to Microsoft: One-stop for security tips.











Comments
I just read a comment by Roger Thompson, chief research officer for AVG. He concurs with my assessment that this vulnerability is potentially worse than Conficker:
"It's better than [the vulnerability used by] Conficker," Roger Thompson, chief research officer at AVG Technologies, said yesterday. "It exposes the whole world, and can be exploited through the firewall. That's better than Conficker, which mostly did its damage once it got inside a network."
Microsoft has confirmed in an advance notice that two zero-day vulnerabilities, DirectX's DirectShow and ActiveX, will be patched this coming Tuesday (13 Jun 2009).
Sorry for the typo in the last comment; it's supposed to be 13 Jul 2009.
Thus the reason I use SpywareBlaster that uses registry hacks to block ActiveX exploits silently, plus a host file to foil bad servers supporting malicious ActiveX attacks.
I've never been hit by an ActiveX attack on any of my machines. I can't help giving Javacool Software their due!