Saturday, December 25, 2004
Yet another holiday Windows vulnerability. SP2 is affected.
UPDATE 12/28/2004:
The bad news is that bad guys are already exploiting the browser vulnerability. The good news is that the attack is not spreading fast, and there are already antivirus updates to protect you.
UPDATE 12/28/2004:
Another workaround is to go to Internet Explorer's Tools/Internet Options menu, click the Security tab, click the Internet Zone icon, and change the security setting to High. Unforutnately, doing this may stop some web sites from working the way you expect.
UPDATE 12/27/2004:
Nobody's sure yet but it seems that running from a non-Administrator account may protect you, as might some popup blockers.
This is different from the set of vulnerabilites I reported earlier. Some people have found an attack which would allow them to take over your computer if you use Microsoft Internet Explorer (the blue "E" icon) to visit a web page that uses the attack. Even XP Service Pack 2 is vulnerable.
You can't just stay away from bad web pages any more, because bad guys have figured out that they can put hostile code into banner ads. Any web site that has flashy ads might be dangerous these days.
Someday the antivirus vendors will start checking for this attack. Once they do your antivirus software will protect you.
Meantime any of the following will protect you:
Credit
------
Paul from Greyhats
Michael Evanchik
Http equiv
|
The bad news is that bad guys are already exploiting the browser vulnerability. The good news is that the attack is not spreading fast, and there are already antivirus updates to protect you.
UPDATE 12/28/2004:
Another workaround is to go to Internet Explorer's Tools/Internet Options menu, click the Security tab, click the Internet Zone icon, and change the security setting to High. Unforutnately, doing this may stop some web sites from working the way you expect.
UPDATE 12/27/2004:
Nobody's sure yet but it seems that running from a non-Administrator account may protect you, as might some popup blockers.
This is different from the set of vulnerabilites I reported earlier. Some people have found an attack which would allow them to take over your computer if you use Microsoft Internet Explorer (the blue "E" icon) to visit a web page that uses the attack. Even XP Service Pack 2 is vulnerable.
You can't just stay away from bad web pages any more, because bad guys have figured out that they can put hostile code into banner ads. Any web site that has flashy ads might be dangerous these days.
Someday the antivirus vendors will start checking for this attack. Once they do your antivirus software will protect you.
Meantime any of the following will protect you:
- Create a new login account just for web surfing. Don't make it an administrator.
- Turn off "Active Scripting" under Options. Unfortunately this keeps you from using many web sites.
- Install and use Firefox. This is by far the safest and most convenient fix.
Credit
------
Paul from Greyhats
Michael Evanchik
Http equiv
# posted by Frederick @ 8:45 AM Email to a friend:
Haloscan: they provide trackback