Attackers have added another, yet-to-be-patched Windows flaw to their arsenal, experts warned Saturday.
Cybercrooks have started exploiting a flaw in the Windows Shell only days after sample attack code for the vulnerability surfaced. Web sites that exploit the vulnerability are popping up and attempt to load malicious software onto vulnerable Windows PCs in a way that is undetectable to users, experts said.
"There are professionals at work using the exploit code," security firm Websense said in an alert. The miscreants taking advantage of the flaw appear to be part of the same group that in December used another Windows flaw to hoist spyware onto PCs, Websense said. That flaw stemmed from the way Windows handled Windows Metafile, or WMF, images.
Microsoft warned of the Windows Shell flaw on Thursday. The flaw affects Windows 2000, Windows XP and Windows Server 2003, and could be exploited via the Internet Explorer Web browser through a component called WebViewFolderIcon, the company said. Windows Shell is the part of the operating system that presents the user interface.
View: Full Story @ ZDNet

I was just going to ask that!
Yes there is. Check out http://news.com.com/2100-1002_3-6121608.ht...8&subj=news
I'm an IE 7 RC1 user. FYI. No problems, got Outpost Firewall. Think I'm good to go.
The fact is, they are not after the "average PC user", they are doing this for an ego boost and some credit. They are after the big businesses who don't secure themselves, the schools and institutions, not us.
Get a good firewall, both software and hardware if you want. Get a good A/V program and just watch where you surf and you'll generally be fine.
To say "Opera/Firefox users have nothing to worry about" when an IE flaw comes out and to say "IE users have nothing to worry about" when a Firefox flaw comes out is just stating the obvious. That is like me saying "Linux users have nothing to worry about" when they find a Windows flaw.
Well stated.