Microsoft warns of serious computer security hole

Inde

Site Contributor

Join Date: Dec 2004

Quote:
Microsoft warns of serious computer security hole
SAN JOSE, Calif. -

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

http://tech.yahoo.com/news/ap/200907...osoft_security

Okay, the reason this article is hilarious is this paragraph:

"Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem."

So you have to either stop using Windows XP or Internet Explorer. But of course they can't SAY that, I mean how bad would that look for Microsoft to say specifically "Internet Explorer/Windows XP is so bad just don't use it" so instead they try to tone it down with "disable the problematic part of the software." I know it's the Video ActiveX controller that is the problem but for the thousands who just read that and don't have a clue... they're sitting there wondering what they should do.

Wesyrine

Ascalonian Squire

Join Date: Feb 2006

W/

MS: "Hey Steve.. I just found this hole in WinXP/IE.."
MS2: "Really? What is it..?"
MS: "Apparently you can use it to take control of the user's PC.. like all the other security holes that exist.."
MS2: "Wow.. that's really bad.. What do we do?"
MS: "I've got it.. let's not do anything and release a statement telling people to either disable the software or buy Windows 7!"
MS2: "Brilliant!"

Roy_

Academy Page

Join Date: Dec 2008

Whatever Floats Your [Boat]

A/

I loled...
But seriously...who uses IE anyway?

drunk n angry

Lion's Arch Merchant

Join Date: Jul 2009

in a quiet little town that i love.

Ancient Dragoons [AGED]

W/

Quote:
Originally Posted by Wesyrine
MS: "Hey Bill.. I just found this hole in WinXP/IE.."
MS2: "Really? What is it..?"
MS: "Apparently you can use it to take control of the user's PC.. like all the other security holes that exist.."
MS2: "Wow.. that's really bad.. What do we do?"
MS: "I've got it.. let's not do anything and release a statement telling people to either disable the software or buy Windows 7!"
MS2: "Brilliant!"

LMFAO!!!! You should work for SNL XD

Slasher of Darkness

Lion's Arch Merchant

Join Date: Aug 2008

Lots of places~

D/

Quote:
Originally Posted by Roy Frogger
But seriously...who uses IE anyway?

I /agree

12chars

miskav

Jungle Guide

Join Date: Jun 2005

None

Mo/

Just don't use IE, like I've been saying for what... 3+years?

[Morkai]

Jungle Guide

Join Date: Oct 2007

Heroes of Elonia [HE]

W/Rt

Lol IE. Nice joke.

dilan155

Desert Nomad

Join Date: May 2007

living room

N/

You guys don't know anything, IE is the leet, man. Sorry, just a bit of sarcasm there. Just use Firefox or something, IE sucks anyway.

Catchphrase

Frost Gate Guardian

Join Date: Apr 2009

Quote:
Originally Posted by Wesyrine
MS: "Hey Bill.. I just found this hole in WinXP/IE.."
MS2: "Really? What is it..?"
MS: "Apparently you can use it to take control of the user's PC.. like all the other security holes that exist.."
MS2: "Wow.. that's really bad.. What do we do?"
MS: "I've got it.. let's not do anything and release a statement telling people to either disable the software or buy Windows 7!"
MS2: "Brilliant!"

Would have been funny but Bill is no longer in Microsoft. Take a shot at Steve Ballmer instead.

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

Firefox fulfills all my browser needs.

jiggles

Desert Nomad

Join Date: Sep 2007

N/

Quote:
Originally Posted by miskav
Just don't use IE, like I've been saying for what... 3+years?

Who hasn't been saying this?

Killamus

Guest

Join Date: Oct 2008

So, what, the software is IE?
Pfft, who actually uses that anymore?
Also, makes me glad I run Linux.

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

Quote:
Originally Posted by Inde
Okay, the reason this article is hilarious is this paragraph:

"Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem."

So you have to either stop using Windows XP or Internet Explorer.

What Yahoo is saying (not you Inde) is not true, the exact words of MS are here (found via securityfocus): http://www.microsoft.com/technet/sec...ry/972890.mspx

It's a problem with the handling of one specific ActiveX control, which can be disabled due to how IE was reworked during the last few years (it's not entirely sure if this can always be done, but it's working so far), not with IE as a whole.

The main vector of attack seems to be emails, so caution when clicking links from suspicious emails should be used. Don't take for granted your understanding of security behaviour, spread the word around you.

Braxton619

Desert Nomad

Join Date: Jul 2008

A/W

rofl another advertisement for windows 7

Inde

Site Contributor

Join Date: Dec 2004

Quote:
Originally Posted by Fril Estelin
This is not true, the exact words of MS are here (found via securityfocus): http://www.microsoft.com/technet/sec...ry/972890.mspx

It's a problem with the handling of one specific ActiveX control, which can be disabled due to how IE was reworked during the last few years (it's not entirely sure if this can always be done, but it's working so far), not with IE as a whole.

The main vector of attack seems to be emails, so caution when clicking links from suspicious emails should be used. Don't take for granted your understanding of security behaviour, spread the word around you.

K Fril, I did say that.

Quote:
Originally Posted by Inde
I know it's the Video ActiveX controller that is the problem but for the thousands who just read that and don't have a clue... they're sitting there wondering what they should do.

vamp08

Krytan Explorer

Join Date: Nov 2006

PA, USA

[COPY]

D/

Quote:
Originally Posted by Roy Frogger
I loled...
But seriously...who uses IE anyway?

I'm on it right now. Personally, I hate Firefox

I'll use Opera from time-to-time

leetLoLa

Krytan Explorer

Join Date: Mar 2009

Pawn!

Who Are You [wAu]

W/Mo

Quote:
Originally Posted by vamp08
I'm on it right now. Personally, I hate Firefox

I'll use Opera from time-to-time

Well, Google Chrome ftw!

rick1027

Jungle Guide

Join Date: Apr 2006

W/R

Woohoo, a bunch of computers will come my way to be fixed, all the same ones I've told for 5 or 6 years not to use IE but still do.

Quaker

Hell's Protector

Join Date: Aug 2005

Canada

Brothers Disgruntled

Geez people, grab a clue. MS is not disabling IE (or WinXP), but simply a small part of IE that's used to play certain types of video. I'm not a big fan of MS or Windows, but I do try to keep it real.

rick1027

Jungle Guide

Join Date: Apr 2006

W/R

Quote:
Originally Posted by Quaker
Geez people, grab a clue. MS is not disabling IE (or WinXP), but simply a small part of IE that's used to play certain types of video. I'm not a big fan of MS or Windows, but I do try to keep it real.

Nobody said they were disabling MS or XP; Inde said a part of, which states what you ended up saying. Most of the other comments were about not using IE, which has been a bad thing for years. That's the big reason I have to fix so many computers over the years: people using IE when it has vulnerabilities.

Inde

Site Contributor

Join Date: Dec 2004

UPDATE! or lack thereof:

CWmike writes "Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat. Symantec, Sunbelt Software, and SANS' Internet Storm Center bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by IE to display Excel spreadsheets. There is no patch for the vulnerability; Microsoft didn't release one in today's Patch Tuesday. A temporary fix that sets the 'kill bits' of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection. Symantec raised its ThreatCon ranking to the second of four steps. "We're seeing it exploited, but currently on a limited scale," said Symantec's Ben Greenbaum. Sunbelt also bumped up its ranking, to high."

http://it.slashdot.org/story/09/07/1...iply?art_pos=3

Fril Estelin

So Serious...

Join Date: Jan 2007

London

Nerfs Are [WHAK]

E/

The temporary fix from Microsoft is here:
http://support.microsoft.com/kb/973472#FixItForMe

Not all AV companies are worried about it, strangely.
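
An added example (not part of any post in this thread, and not Microsoft's Fix It code): a PowerShell audit that reports whether the "kill bit" workaround mentioned in the update above is in place for a list of ActiveX CLSIDs. The CLSID shown is a placeholder, because the thread does not list the control's identifiers; the real ones come from the advisory.

```powershell
# Added example: audit the IE kill bit for a list of ActiveX controls.
# The CLSID below is a PLACEHOLDER, not a real control. Replace it with
# the CLSIDs listed in the vendor advisory for the affected control.
$Clsids = @(
    '{00000000-0000-0000-0000-000000000000}'
)

# Bit 0x400 in "Compatibility Flags" tells IE never to instantiate the control.
$KillBit = 0x400

# On 64-bit Windows, 32-bit IE reads the Wow6432Node view, so check both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$Root, [string]$Clsid)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return 'KeyMissing' }

    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    $flags = $props.'Compatibility Flags'
    if ($null -eq $flags) { return 'ValueMissing' }

    # Other compatibility bits may also be set, so test only the kill bit.
    if (($flags -band $KillBit) -eq $KillBit) { return 'Set' }
    return 'NotSet'
}

$report = foreach ($root in $Roots) {
    # Wow6432Node does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in $Clsids) {
        [pscustomobject]@{
            Root  = $root
            Clsid = $clsid
            State = Test-KillBit -Root $root -Clsid $clsid
        }
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a login script or inventory tool flag the machine.
if ($report | Where-Object { $_.State -ne 'Set' }) { exit 1 }
```

Anything other than `Set` in the State column means IE can still load that control on the machine, in that registry view.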