Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Severe IE vulnerability threatens Windows XP users
net-security.org ^

Posted on 03/01/2010 9:59:39 AM PST by Gomez

News of a newly discovered bug in VBScript and Windows Help files in Internet Explorer that could allow a remote attacker to run an arbitrary command has reached Microsoft on Friday and they immediately sat down to investigate the matter.

After two days, they confirmed that this vulnerability "could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box", but that there has been no news about attacks exploiting it so far.

Maurycy Prodeus, the security analyst that discovered the vulnerability, says that Windows XP SP3 running IE 8,7 or 6 are vulnerable, and Microsoft assures that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.

Microsoft is yet to confirm when the fix will be released, but Computerworld reports that Prodeus himself offered a temporary solution: blocking TCP port 445. "However, it is worth to note that blocking this port doesn't solve the problem, because there might be [an]other attacking vector, for example, uploading an arbitrary file to the victim's machine at known path location using some third-party browser plug-ins," he said.


TOPICS: Computers/Internet
KEYWORDS: browser; internetexplorer; microsoft; microsofttax; webbrowser; windows; windowsxp

1 posted on 03/01/2010 9:59:39 AM PST by Gomez
[ Post Reply | Private Reply | View Replies]

To: Gomez

bookmark


2 posted on 03/01/2010 10:00:02 AM PST by GOP Poet (Obama is an OLYMPIC failure.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

ping


3 posted on 03/01/2010 10:00:18 AM PST by Gomez (killer of threads)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gomez

The fix is to open a command prompt and issue the command:

format c: /u


4 posted on 03/01/2010 10:02:40 AM PST by freedumb2003 ( Tagline lost -- anyone seen it?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: freedumb2003

I wonder how many of the same vulnerabilities will be found in other platforms and software once the hackers determine that it is fun to hit them too.


5 posted on 03/01/2010 10:05:12 AM PST by Ingtar (Reckon the process will be silly - Reckonsilliation)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Gomez

I don’t think I’ve pressed an F-anything key in over 20 years.


6 posted on 03/01/2010 10:06:42 AM PST by GovernmentShrinker
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ingtar

Probably too damn soon.

Hackers should be public strung up like horse thieves were in the old west. Only dropped slowly to prolong the agony as long as possible.

And I ain’t joking.


7 posted on 03/01/2010 10:08:48 AM PST by freedumb2003 ( Tagline lost -- anyone seen it?)
[ Post Reply | Private Reply | To 5 | View Replies]

To: GovernmentShrinker

I have, but only because I missed the Esc key I was aiming at.


8 posted on 03/01/2010 10:09:40 AM PST by MetaThought
[ Post Reply | Private Reply | To 6 | View Replies]

To: freedumb2003
You really shouldn't do that... there are some technically-challenged older folks out there who still have 12:00 blinking on their VCR's... ;-)
9 posted on 03/01/2010 10:10:31 AM PST by andy58-in-nh (America does not need to be organized: it needs to be liberated.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: andy58-in-nh

LOL — I do feel a little guilty now.

A little ;)


10 posted on 03/01/2010 10:11:52 AM PST by freedumb2003 ( Tagline lost -- anyone seen it?)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Gomez

bttt


11 posted on 03/01/2010 10:14:42 AM PST by bmwcyle (Free the Navy Seals)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Gomez
An easy fix = switch to W-7 or an upgraded version of Vista. The fixes have been very effective and using their new MS-Security Essentials virus program has been a major improvement.

SE works extremely well, updates faster, speeds up your system greatly and covers your firewall, spyware, malware and Trojan threats all in one compatible security program.

I cannot express enough how well this program works, and it is totally free and easy go get direct from Microsoft.

12 posted on 03/01/2010 10:14:57 AM PST by PSYCHO-FREEP ( Give me Liberty, or give me an M-24A2!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gomez

Easy.

Just post in forums and emails:


13 posted on 03/01/2010 10:18:56 AM PST by TomGuy
[ Post Reply | Private Reply | To 1 | View Replies]

To: GovernmentShrinker

No love for Alt+F4?


14 posted on 03/01/2010 10:20:21 AM PST by Gomez (killer of threads)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Gomez

What does it do that I should have love for?


15 posted on 03/01/2010 10:46:37 AM PST by GovernmentShrinker
[ Post Reply | Private Reply | To 14 | View Replies]

To: GovernmentShrinker
What does it do that I should have love for?

Terminates the program running in the currently selected window.

16 posted on 03/01/2010 10:54:06 AM PST by Bloody Sam Roberts (An armed man is a citizen. An unarmed man is a subject.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: GovernmentShrinker

Shut down the current window. It’s a lot easier than chasing X’s around at the end of the day when it’s time to shut down.


17 posted on 03/01/2010 10:56:42 AM PST by Gomez (killer of threads)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Gomez

Let me add - don’t run as admin unless you are installing something.

I swear that takes care of 90% of the really bad stuff.


18 posted on 03/01/2010 11:00:20 AM PST by ko_kyi
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

19 posted on 03/01/2010 11:03:01 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gomez

Go to Mozilla.Com; and download the Firefox browser for free; including all later updates which are free as well.

It is better than IE, a smaller “footprint” than IE in your PC, works with all current versions of Windows, or Macs and lacks MS security bugs.

You can also get, for Firefox, the usual “add-ons” and “plug-ins” for apps like Adobe Reader, Flash, etc.

My interest? None.

Firefox is part of the Mozilla “open source” family of apps.

You can also replace Outlook with Thunderbird while you are at it.


20 posted on 03/01/2010 11:15:36 AM PST by Wuli
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gomez
ZDNet use to provide fairly complete coverage of the LoveBug problem and instructions on how to completely disable VBScript. (Basically, from Windows Explorer, select View / Options... / File Types / VBScript Script File / Remove. There are slight variations for different versions of Windows.)
21 posted on 03/01/2010 11:17:22 AM PST by McGruff (Don't criticize. Explain to me who I should support other than Sarah Palin.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: freedumb2003
this is faster

fdisk -y c:

22 posted on 03/01/2010 1:20:53 PM PST by zeugma (Proofread a page a day: http://www.pgdp.net/)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Gomez

That would require either taking my right hand off my mouse to hit the keys, or taking my left hand out of my lap, off my teacup, off my phone (gotta surf while having boring conversations with people I gotta be civil to), or out from under my cat’s chin, to hit the keys. Not worth the bother (or the “how could you?” glare from the cat) when the handy little X is always there.


23 posted on 03/01/2010 2:17:41 PM PST by GovernmentShrinker
[ Post Reply | Private Reply | To 17 | View Replies]

To: PSYCHO-FREEP

do you use zone alarm?


24 posted on 03/01/2010 5:41:33 PM PST by robomatik (III %)
[ Post Reply | Private Reply | To 12 | View Replies]

To: andy58-in-nh; freedumb2003
> You really shouldn't do that... there are some technically-challenged older folks out there who still have 12:00 blinking on their VCR's... ;-)

Not just the technically challenged older folks.

I'm only 57, direct a department of system administrators, have been computing since 1970, designed and built and wrote software for computers and related devices all my professional life...

... and MY VCR goes 12:00 too.

... but that's just because I don't give a damn. :)

25 posted on 03/01/2010 6:54:59 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: dayglored; andy58-in-nh; freedumb2003

What’s are you doing with a VCR?


26 posted on 03/01/2010 6:56:34 PM PST by CougarGA7 (In order to dream of the future, we need to remember the past. - Bartov)
[ Post Reply | Private Reply | To 25 | View Replies]

To: CougarGA7
What’s are you doing with a VCR?

I wrote an interface -- I can now copy a 1/2 TV show from my VCR to only 12 8" floppies!

27 posted on 03/01/2010 7:13:25 PM PST by freedumb2003 ( Tagline lost -- anyone seen it?)
[ Post Reply | Private Reply | To 26 | View Replies]

To: CougarGA7; andy58-in-nh; freedumb2003
> What’s are you doing with a VCR?

My collection of Monty Python episodes, plus Yellow Submarine and a few other classics, are on VHS. It's painful after getting used to DVDs, but better than nothing.

28 posted on 03/01/2010 8:41:22 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: freedumb2003; CougarGA7
> I wrote an interface -- I can now copy a 1/2 TV show from my VCR to only 12 8" floppies!

OMG. Back around 1981 my MC6809 homebrew (wire-wrapped) computer used Shugart 8" floppy drives. Cost $400 each. I designed and wirewrapped the controller, wrote the BIOS driver, and interfaced it to Flex09 from TSC for primary storage.

If it weren't for the fact that I tossed out all my 8" floppy media a few years ago, I'd send them to you to augment your collection... :)

29 posted on 03/01/2010 8:47:13 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 27 | View Replies]

To: freedumb2003

>> format c: /u

Now that’s abusive


30 posted on 03/01/2010 8:50:18 PM PST by Gene Eric (Your Hope has been redistributed. Here's your Change.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: dayglored; freedumb2003

You said words.


31 posted on 03/01/2010 9:27:05 PM PST by CougarGA7 (In order to dream of the future, we need to remember the past. - Bartov)
[ Post Reply | Private Reply | To 29 | View Replies]

To: dayglored

>>OMG. Back around 1981 my MC6809 homebrew (wire-wrapped) computer used Shugart 8” floppy drives<<

You low-techies. *I* programmed CCWs in the high-level Z80 assembler. None of that low-brow Motorola stuff for me (well, except I think Z80 WAS Motorola lol).

Can you imagine if V’Ger were to come back today with a bunch of 8” or 5-1/4” disks asking us to interface with it? Let’s face it, even us Space Cowboy generation wouldn’t have the hw to do it. We would probably just get zapped into oblivion.


32 posted on 03/01/2010 9:56:01 PM PST by freedumb2003 ( Tagline lost -- anyone seen it?)
[ Post Reply | Private Reply | To 29 | View Replies]

To: freedumb2003
> You low-techies. *I* programmed CCWs in the high-level Z80 assembler. None of that low-brow Motorola stuff for me (well, except I think Z80 WAS Motorola lol).

Nope, Z80 was Zilog.

Since 1976 or so I tended to favor the Motorola/MOS architectures (6800, 6502, 6809, 68000) over the Intel/Zilog (8080, Z80, 8086), until finally Intel gave up on segments and started doing things right (with the 386), then it was all over for Motorola.

But since when was Z80 assembler "high level"? About the only thing it's higher than is machine hex... (or perhaps, if you go back far enough, octal...)

33 posted on 03/01/2010 10:33:48 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 32 | View Replies]

To: dayglored

>>But since when was Z80 assembler “high level”? About the only thing it’s higher than is machine hex... (or perhaps, if you go back far enough, octal...)<<

It was octal — but it had index registers — very cool and easy to work with. 8086 made you set up the pointer stack longhand *yech* — I could do it but I never liked it. Reserve the memory, store the register contents, then get it back... NVA just in housekeeping! LOL (like segmenting in COBOL 68)

Those index registers cut coding buy 1/2 at least without giving up efficiency.

Now — I miss all that.

(Z80=Zilog: Jeeze, you are so right! I just remember the platform, not the name. Memories, memories — what was your name again?)


34 posted on 03/01/2010 10:46:37 PM PST by freedumb2003 ( Tagline lost -- anyone seen it?)
[ Post Reply | Private Reply | To 33 | View Replies]

To: freedumb2003
> (Z80=Zilog: Jeeze, you are so right! I just remember the platform, not the name. Memories, memories — what was your name again?)

Heh. My brain still knows that LDA# (load accumulator immediate) on the 6502 is hex A9. Haven't used that bit of mental lint since 1985. But what did I have for breakfast today, much less for dinner last night?

What was the question?

35 posted on 03/02/2010 7:00:22 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 34 | View Replies]

To: dayglored; All

the day windows95 was loaded was the day my dreams all came true.


36 posted on 03/06/2010 6:40:08 PM PST by bitt ("WE THE PEOPLE" http://www.youtube.com/watch?v=JVAhr4hZDJE)
[ Post Reply | Private Reply | To 35 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson