Posted on 11/30/2005 11:42:46 AM PST by Eagle9
Microsoft acknowledged Tuesday that malicious software targeting an unpatched bug in Internet Explorer is on the loose, and urged users to run a complete system scan on its new Windows Live Safety Center -- which has a quirk of its own -- to detect and delete the code.
In an update of a security advisory issued Nov. 21, Microsoft noted that both proof-of-concept code and an exploit are in circulation. The exploit can compromise PCs running IE on a host of the company's operating systems, including Windows 98, Windows Me, Windows 2000, and Windows XP.
The bug, which was reported to Microsoft in May, was first thought to pose only a denial-of-service (DoS) attack risk, but more recent research by security vendor Computer Terrorism Ltd. said that the flaw could be used to hijack a machine simply by luring users to a malicious Web site.
While Microsoft has not produced a patch for the vulnerability, it said users could choose the "Complete Scan" option at its free-of-charge Live Safety Center site to check for and remove the malicious code.
In the advisory, Microsoft repeated its promise that it would "take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
The advisory includes several workarounds to deflect attacks, including disabling Active scripting in Internet Explorer by choosing Tools/Internet Options, clicking the Security tab, clicking on the Custom Level button, scrolling to the Scripting section, and selecting the Disable radio button next to Active scripting.
I can relate. Still, it's nice being reminded by daily my computer:
Device: /dev/hda, FAILED SMART self-check. BACK UP DATA NOW!
;-)
I can't find the BugMeNot extension at Mozilla. I wonder what that's about?
Well, that is weird. But you can still find the latest release here.
I wonder if it was pulled from the Mozilla Extensions site pending an update for the 1.5 release?
It's deadly quiet because 99.8% of the software out there won't run on your box anymore.
Lets see, I have development tools (IDE, compilers etc), Webservers, Samba file sharing, juke boxes, audio/video editing, PVR's, home control, Open Office, several SQL databases (and with OO 2.x - a database program to use as a front end for SQL or to create dBase or Access databases) a damn good flight simulator... I don't know, I'm not lacking any tools I need.
Honestly, I don't think BugMeNot was ever hosted at the Mozilla Addons site - I believe that the BugMeNot website has always linked to that other site as the source for the extension.
Yes.
It's kinda like saying "to keep burglars from breaking in to your house, why not give them their own doorway?"
Yes.
It's kinda like saying "to keep burglars from breaking in to your house, why not give them their own doorway?"
Twice, even!
mark for later
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.