Skip to comments.Severe IE vulnerability threatens Windows XP users
Posted on 03/01/2010 9:59:39 AM PST by Gomez
News of a newly discovered bug in VBScript and Windows Help files in Internet Explorer that could allow a remote attacker to run an arbitrary command has reached Microsoft on Friday and they immediately sat down to investigate the matter.
After two days, they confirmed that this vulnerability "could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box", but that there has been no news about attacks exploiting it so far.
Maurycy Prodeus, the security analyst that discovered the vulnerability, says that Windows XP SP3 running IE 8,7 or 6 are vulnerable, and Microsoft assures that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.
Microsoft is yet to confirm when the fix will be released, but Computerworld reports that Prodeus himself offered a temporary solution: blocking TCP port 445. "However, it is worth to note that blocking this port doesn't solve the problem, because there might be [an]other attacking vector, for example, uploading an arbitrary file to the victim's machine at known path location using some third-party browser plug-ins," he said.
The fix is to open a command prompt and issue the command:
format c: /u
I wonder how many of the same vulnerabilities will be found in other platforms and software once the hackers determine that it is fun to hit them too.
I don’t think I’ve pressed an F-anything key in over 20 years.
Probably too damn soon.
Hackers should be public strung up like horse thieves were in the old west. Only dropped slowly to prolong the agony as long as possible.
And I ain’t joking.
I have, but only because I missed the Esc key I was aiming at.
LOL — I do feel a little guilty now.
A little ;)
SE works extremely well, updates faster, speeds up your system greatly and covers your firewall, spyware, malware and Trojan threats all in one compatible security program.
I cannot express enough how well this program works, and it is totally free and easy go get direct from Microsoft.
No love for Alt+F4?
What does it do that I should have love for?
Terminates the program running in the currently selected window.
Shut down the current window. It’s a lot easier than chasing X’s around at the end of the day when it’s time to shut down.
Let me add - don’t run as admin unless you are installing something.
I swear that takes care of 90% of the really bad stuff.
Go to Mozilla.Com; and download the Firefox browser for free; including all later updates which are free as well.
It is better than IE, a smaller “footprint” than IE in your PC, works with all current versions of Windows, or Macs and lacks MS security bugs.
You can also get, for Firefox, the usual “add-ons” and “plug-ins” for apps like Adobe Reader, Flash, etc.
My interest? None.
Firefox is part of the Mozilla “open source” family of apps.
You can also replace Outlook with Thunderbird while you are at it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.