Author Topic: Cybercrooks add Windows flaw to arsenal  (Read 2000 times)

0 Members and 1 Guest are viewing this topic.

drhayden1

  • Guest
Cybercrooks add Windows flaw to arsenal
« on: October 01, 2006, 11:12:23 PM »
Attackers have added another, yet-to-be-patched Windows flaw to their arsenal, experts warned Saturday.

Cybercrooks have started exploiting a flaw in the Windows Shell only days after sample attack code for the vulnerability surfaced. Web sites that exploit the vulnerability are popping up and attempt to load malicious software onto vulnerable Windows PCs in a way that is undetectable to users, experts said.

"There are professionals at work using the exploit code," security firm Websense said in an alert. The miscreants taking advantage of the flaw appear to be part of the same group that in December used another Windows flaw to hoist spyware onto PCs, Websense said. That flaw stemmed from the way Windows handled Windows Metafile, or WMF images.

Microsoft warned of the Windows Shell flaw on Thursday. The flaw affects Windows 2000, Windows XP and Windows Server 2003, and could be exploited via the Internet Explorer Web browser through a component called WebViewFolderIcon

http://news.zdnet.com/2100-1009_22-6121584.html

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33625
  • malware fighter
Re: Cybercrooks add Windows flaw to arsenal
« Reply #1 on: October 02, 2006, 12:58:12 AM »
Hi drhayden1,

Funny that MS gives the advice to use one of the alternate browsers to avoid this flaw until the patch comes out. The IE browser is showing its brittleness now every day.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 47137
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Cybercrooks add Windows flaw to arsenal
« Reply #2 on: October 02, 2006, 03:06:32 AM »
Hi drhayden1,

Funny that MS gives the advice to use one of the alternate browsers to avoid this flaw until the patch comes out. The IE browser is showing its brittleness now every day.

polonus
polonus,
MS said nothing about using another browser.
The Quote in that article was as follows:
Quote
Windows users can protect themselves by following the guidance Microsoft gives in its advisory, switching to a non-Microsoft Web browser, or installing security software such as Exploit Prevention Labs' SocketShield.

Please note the comma after "following the guidance Microsoft gives in its advisory" and "to a non-Microsoft Web browser" .
These are 2 separate statements made by the writer of this article.
It isn't something said by Microsoft.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://