Skip to comments.Severe IE vulnerability threatens Windows XP users
Posted on 03/01/2010 9:59:39 AM PST by Gomez
News of a newly discovered bug in VBScript and Windows Help files in Internet Explorer that could allow a remote attacker to run an arbitrary command has reached Microsoft on Friday and they immediately sat down to investigate the matter.
After two days, they confirmed that this vulnerability "could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box", but that there has been no news about attacks exploiting it so far.
Maurycy Prodeus, the security analyst that discovered the vulnerability, says that Windows XP SP3 running IE 8,7 or 6 are vulnerable, and Microsoft assures that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.
Microsoft is yet to confirm when the fix will be released, but Computerworld reports that Prodeus himself offered a temporary solution: blocking TCP port 445. "However, it is worth to note that blocking this port doesn't solve the problem, because there might be [an]other attacking vector, for example, uploading an arbitrary file to the victim's machine at known path location using some third-party browser plug-ins," he said.
The fix is to open a command prompt and issue the command:
format c: /u
I wonder how many of the same vulnerabilities will be found in other platforms and software once the hackers determine that it is fun to hit them too.
I don’t think I’ve pressed an F-anything key in over 20 years.
Probably too damn soon.
Hackers should be public strung up like horse thieves were in the old west. Only dropped slowly to prolong the agony as long as possible.
And I ain’t joking.
I have, but only because I missed the Esc key I was aiming at.
LOL — I do feel a little guilty now.
A little ;)
SE works extremely well, updates faster, speeds up your system greatly and covers your firewall, spyware, malware and Trojan threats all in one compatible security program.
I cannot express enough how well this program works, and it is totally free and easy go get direct from Microsoft.
No love for Alt+F4?
What does it do that I should have love for?
Terminates the program running in the currently selected window.
Shut down the current window. It’s a lot easier than chasing X’s around at the end of the day when it’s time to shut down.
Let me add - don’t run as admin unless you are installing something.
I swear that takes care of 90% of the really bad stuff.
Go to Mozilla.Com; and download the Firefox browser for free; including all later updates which are free as well.
It is better than IE, a smaller “footprint” than IE in your PC, works with all current versions of Windows, or Macs and lacks MS security bugs.
You can also get, for Firefox, the usual “add-ons” and “plug-ins” for apps like Adobe Reader, Flash, etc.
My interest? None.
Firefox is part of the Mozilla “open source” family of apps.
You can also replace Outlook with Thunderbird while you are at it.
fdisk -y c:
That would require either taking my right hand off my mouse to hit the keys, or taking my left hand out of my lap, off my teacup, off my phone (gotta surf while having boring conversations with people I gotta be civil to), or out from under my cat’s chin, to hit the keys. Not worth the bother (or the “how could you?” glare from the cat) when the handy little X is always there.
do you use zone alarm?
Not just the technically challenged older folks.
I'm only 57, direct a department of system administrators, have been computing since 1970, designed and built and wrote software for computers and related devices all my professional life...
... and MY VCR goes too.
... but that's just because I don't give a damn. :)
What’s are you doing with a VCR?
I wrote an interface -- I can now copy a 1/2 TV show from my VCR to only 12 8" floppies!
My collection of Monty Python episodes, plus Yellow Submarine and a few other classics, are on VHS. It's painful after getting used to DVDs, but better than nothing.
OMG. Back around 1981 my MC6809 homebrew (wire-wrapped) computer used Shugart 8" floppy drives. Cost $400 each. I designed and wirewrapped the controller, wrote the BIOS driver, and interfaced it to Flex09 from TSC for primary storage.
If it weren't for the fact that I tossed out all my 8" floppy media a few years ago, I'd send them to you to augment your collection... :)
>> format c: /u
Now that’s abusive
You said words.
>>OMG. Back around 1981 my MC6809 homebrew (wire-wrapped) computer used Shugart 8” floppy drives<<
You low-techies. *I* programmed CCWs in the high-level Z80 assembler. None of that low-brow Motorola stuff for me (well, except I think Z80 WAS Motorola lol).
Can you imagine if V’Ger were to come back today with a bunch of 8” or 5-1/4” disks asking us to interface with it? Let’s face it, even us Space Cowboy generation wouldn’t have the hw to do it. We would probably just get zapped into oblivion.
Nope, Z80 was Zilog.
Since 1976 or so I tended to favor the Motorola/MOS architectures (6800, 6502, 6809, 68000) over the Intel/Zilog (8080, Z80, 8086), until finally Intel gave up on segments and started doing things right (with the 386), then it was all over for Motorola.
But since when was Z80 assembler "high level"? About the only thing it's higher than is machine hex... (or perhaps, if you go back far enough, octal...)
>>But since when was Z80 assembler “high level”? About the only thing it’s higher than is machine hex... (or perhaps, if you go back far enough, octal...)<<
It was octal — but it had index registers — very cool and easy to work with. 8086 made you set up the pointer stack longhand *yech* — I could do it but I never liked it. Reserve the memory, store the register contents, then get it back... NVA just in housekeeping! LOL (like segmenting in COBOL 68)
Those index registers cut coding buy 1/2 at least without giving up efficiency.
Now — I miss all that.
(Z80=Zilog: Jeeze, you are so right! I just remember the platform, not the name. Memories, memories — what was your name again?)
Heh. My brain still knows that LDA# (load accumulator immediate) on the 6502 is hex A9. Haven't used that bit of mental lint since 1985. But what did I have for breakfast today, much less for dinner last night?
What was the question?
the day windows95 was loaded was the day my dreams all came true.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.