Thursday, September 23, 2004
Have you updated Internet Explorer yet?
Microsoft published a fix a few days ago for a dangerous bug that could let someone take over your machine if Internet Explorer simply displayed an image file put together by the attacker.
The good news is that (as far as we know!) Microsoft fixed this before the bad guys found out about it.
Now, of course, the bad guys know about it. There is now a program, publicly available, that builds a JPEG picture which, if you look at it in unpatched IE, adds a new administrator account to your machine.
That's what has been made public. Likely there are worse things in the underground.
What's going to happen next is that people are going to start using these new attack tools in automatic attacks. For example, someone could infect thousands of machines by sending out spam with a picture in the message.
It's going to happen soon, too.
Remember, click the Start menu, choose Windows Update. You may need to update Office as well.
|
The good news is that (as far as we know!) Microsoft fixed this before the bad guys found out about it.
Now, of course, the bad guys know about it. There is now a program, publicly available, that builds a JPEG picture which, if you look at it in unpatched IE, adds a new administrator account to your machine.
That's what has been made public. Likely there are worse things in the underground.
What's going to happen next is that people are going to start using these new attack tools in automatic attacks. For example, someone could infect thousands of machines by sending out spam with a picture in the message.
It's going to happen soon, too.
Remember, click the Start menu, choose Windows Update. You may need to update Office as well.
# posted by Frederick @ 6:03 PM Email to a friend:
Haloscan: they provide trackback