Author Topic: Zero Day exploit being used to infect PCs  (Read 30534 times)

0 Members and 1 Guest are viewing this topic.

Smith

  • Guest
Re: Zero Day exploit being used to infect PCs
« Reply #60 on: September 26, 2006, 05:50:40 PM »
Thank you for the reply, FwF.  I felt like I was only idiot who failed to see obvious facts.

Unfortunately, MS has a good record of leaving their users in dark.  As you say, it seems that time will tell if they are not crying wolf.  Now I can happily go back to my life.  Thanks, again.  :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Zero Day exploit being used to infect PCs
« Reply #61 on: September 26, 2006, 05:59:53 PM »
Hi FwF,

MS should start on the browser, not starting to filter the Net. That is starting from the wrong end.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Zero Day exploit being used to infect PCs
« Reply #62 on: September 26, 2006, 08:29:43 PM »
There is now an official patch for this through windows update.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Zero Day exploit being used to infect PCs
« Reply #63 on: September 26, 2006, 08:42:34 PM »
Really? So much for the 'Oh, we might consider bringing out a patch early if attacks increase, but so far we're only seeing limited attacks' attitude.

Behind the scenes they've been busy bees!  ;D
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Zero Day exploit being used to infect PCs
« Reply #64 on: September 26, 2006, 08:42:43 PM »
There is now an official patch for this through windows update.
Quote
Security Update for Windows XP (KB925486)
Typical download size: 250 KB , less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled
that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update from Microsoft. After you install this item,
you may have to restart your computer.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Zero Day exploit being used to infect PCs
« Reply #65 on: September 27, 2006, 12:08:54 AM »
There is now an official patch for this through windows update.
Quote
Security Update for Windows XP (KB925486)
Typical download size: 250 KB , less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled
that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update from Microsoft. After you install this item,
you may have to restart your computer.

Direct download available from here.



Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Zero Day exploit being used to infect PCs
« Reply #66 on: September 27, 2006, 12:32:20 AM »
There is now an official patch for this through windows update.
Quote
Security Update for Windows XP (KB925486)
Typical download size: 250 KB , less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled
that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update from Microsoft. After you install this item,
you may have to restart your computer.

Direct download available from here.






I hadn't seen that, Thanks bob
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Smith

  • Guest
Re: Zero Day exploit being used to infect PCs
« Reply #67 on: September 27, 2006, 03:24:27 AM »
:o You people are quick.  I immediately came here after I found out the update.

Really? So much for the 'Oh, we might consider bringing out a patch early if attacks increase, but so far we're only seeing limited attacks' attitude.

Behind the scenes they've been busy bees!  ;D

Yes, that's what I meant in my previous post.  It is not just yesterday that my skepticism started.

MS should start on the browser, not starting to filter the Net. That is starting from the wrong end.

polonus, it's been always a part of their job.  In fact, how many average users informed of this 0-day exploit?  One of the considerable worst scenarios would be that MS is keeping people from information of their security flaws while the commercial hackers are exploiting them.  I am not dedicatedly anti-MS but, as a user, I got tired of too much politics behind the scenes.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Zero Day exploit being used to infect PCs
« Reply #68 on: September 28, 2006, 07:58:06 PM »
Microsoft's Out-of-Band IE Patch: A Little Too Late?

Quote
Microsoft has released an out-of-cycle Internet Explorer update to fix a critical—and widely exploited—vulnerability exploiting the Vector Markup Language, but there's a general feeling among security experts that the company is shutting the stable door after the horse has bolted.

Highlighting the risks of releasing security updates on a monthly patching cycle, the software maker's MS-06-055 bulletin comes a full eight days after virus hunters first spotted the zero-day attacks circulating on porn sites hosted in Russia.
ADVERTISEMENT

"This reminds me so much of the WMF attacks earlier this year," said Roger Thompson, chief technology officer at Exploit Prevention Labs, in Atlanta. "It came out of left field, ran undetected for a week or three, and by the time the official, emergency patch came out, the damage was done."

"In eight days, the bad guys replenished their botnets, made their money and moved on to the next zero-day. Now the industry is struggling to clean up and chase the copycats," Thompson said.

Microsoft has maintained throughout the episode that the attacks were limited in nature, but, according to data from VeriSign's iDefense, approximately 2,000 domains were hijacked and seeded with code to redirect users to hostile VML websites.

Quote
Microsoft's MS06-054 bulletin provides fixes for IE 5.01 and IE 6.0 on Windows XP (Service Pack 1 and SP2) and Microsoft Windows Server 2003 (including SP1).

There are no patches for Windows 2000 SP3 and other down-level operating system versions that are vulnerable to the flaw.

http://www.eweek.com/article2/0,1895,2020889,00.asp
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

neal62

  • Guest
Re: Zero Day exploit being used to infect PCs
« Reply #69 on: September 28, 2006, 08:08:46 PM »
That sounds about right. A Dollar short and a day late. Doesn't surprise me at all.  :)