Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The bug, in a Microsoft Video ActiveX control, can be leveraged to run code on users' PCs if they are duped into visiting a malicious website through Internet Explorer, Chistopher Budd, a security program manager at Microsoft, said in a blog post."In a web-based attack scenario, an attacker could host a website that contains a web page that is used to exploit this vulnerability," according to a Microsoft advisory. "In addition, compromised websites and websites that host user-provided content or advertisements could contain specially-crafted content that could expoit this vulnerability."He said the ActiveX control in question has "no by-design uses" so, as users await a patch, they should set the kill bit for it. Customers running Windows Vista and Server 2008 are not affected by the vulnerability, but Budd recommended that they set the kill bit as well for additional protection."Once that kill bit is set, any attempt by malicious websites to exploit the vulnerability would not succeed," Budd wrote.Researchers at Symantec said that the hole is mostly being exploited in Asia, particularly China, where thousands of hacked websites have been seeded with attack code. According to a post on the security maker's security blog, the vulnerability is part of the "msvidctl.dll" library and can be exploited by inputting a malicious file to the "data" parameter. In addition to setting the kill bit, users seeking protection also can disable JavaScript in the browser and avoid visiting untrusted sites, Symantec said.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.