DirectShow, ActiveX zero-days among planned Microsoft fixes

Microsoft is hoping it can pull off a quick turnaround for a fix of a zero-day ActiveX vulnerability that was only disclosed this week.

The July Patch Tuesday release contains three updates addressing "critical" security vulnerabilities in Windows, according to an advance notification issued this week. Two of the bulletins address previously revealed issues that are being exploited in limited attacks: One is a vulnerability in DirectShow, the other is a bug in the Microsoft Video ActiveX control.

Many security experts predicted that websites hosting the exploit for the ActiveX flaw, which was revealed this week, would only continue to grow, meaning Microsoft had to act quickly.

"Our engineering team has been working around the clock to produce an update for the issue...and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks," wrote Jerry Bryant, a Microsoft security program manager, on the company's Security Response Center blog. "As you know, this information may change between now and next Tuesday."

The vulnerability impacts Windows XP and Server 2003 users and is particularly dangerous because users can be infected simply by visiting a website.

"It requires no user intervention at all," Dmitriy Ayrapetov, product line manager at internet security firm SonicWALL, told SCMagazineUS.com. "Anywhere you can click on a web page in Internet Explorer, that's where they're vulnerable."

He said he wouldn't be surprised if hijacked social networking sites, such as Facebook and Twitter, soon are used to spread the malware.

So far, most of the compromised websites being used to serve up the attack -- experts estimate the number is somewhere in the thousands -- are based in China, researchers said.

Right now, the goal of the malware writers largely is to install World of Warcraft password-stealing trojans on victim machines, Roger Thompson, chief research officer at anti-virus firm AVG, told SCMagazineUS.com. However, the payload could become more malicious, and he expects many more sites to be hacked and seeded with the exploit to launch drive-by downloads.

Until the fix is released, users should apply an available workaround, which is to set the kill bit for the affected ActiveX control.
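For administrators applying that workaround, the following added example (not from the original article or from Microsoft) shows what setting a kill bit means in practice: Internet Explorer refuses to instantiate a control whose "Compatibility Flags" registry value has the 0x400 bit set. The CLSID shown is a placeholder, since the article does not list the affected class identifiers; take the real values from the vendor advisory. The function names are hypothetical, and the script must run from an elevated prompt.

```powershell
# Added example: set and verify the Internet Explorer kill bit for an ActiveX control.
$KillBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE

function Get-CompatKeyPaths {
    param([string]$Clsid)
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    # 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }
    return $paths
}

function Get-CompatFlags {
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($item) { return $item.'Compatibility Flags' }
    return 0   # key or value missing: no flags set
}

function Set-KillBit {
    param([string]$Clsid)
    foreach ($path in Get-CompatKeyPaths $Clsid) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present are preserved
        $flags = (Get-CompatFlags $path) -bor $KillBit
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
}

function Test-KillBit {
    param([string]$Clsid)
    # True only if the bit is set in every registry view IE can read
    foreach ($path in Get-CompatKeyPaths $Clsid) {
        if (((Get-CompatFlags $path) -band $KillBit) -eq 0) { return $false }
    }
    return $true
}

# Placeholder CLSID (constructed); replace with each CLSID named in the advisory.
$clsid = '{00000000-0000-0000-0000-000000000000}'
Set-KillBit $clsid
Test-KillBit $clsid
```

Running `Test-KillBit` across a fleet after deployment confirms the workaround is in place on both registry views, which matters on 64-bit systems where 32-bit Internet Explorer reads the Wow6432Node copy.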

In addition to the three "critical" patches, Microsoft plans to push out three "important" fixes affecting Publisher, Internet Security and Acceleration Server, and Virtual PC and Virtual Server, according to the notification.


See original article on scmagazineus.com

Copyright © SC Magazine, US edition
