Microsoft Zero-Day ActiveX Vulnerability
There’s been a new type of attack in the wild that Microsoft’s Security Research & Defense blog describes as a “browse-and-get-owned attack vector”. This only effects Windows XP machines and Server 2003 machines, but Microsoft recommends that users patch Windows Vista and Server 2008 to be safe.
So how does this attack occur and why should you be concerned? For this attack to be successful, the user simply has to open an email or browse to a website that opens a Video ActiveX Control. A malicious payload of the attacker’s choice is then downloaded onto the user’s system. This could be anything from annoying adware to password stealing programs that could allow an attacker to steal your online banking or Paypal credentials. Read full article »
July 8th, 2009