Attackers target zero-day Windows flaw

Greg Sandoval CNET News.com

Published: 07 Nov 2006 09:48 GMT

An "extremely critical" vulnerability has been discovered in Microsoft's XML Core Services, according to several security companies.

The vulnerability, which affects only systems running Internet Explorer, is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and could be used to seize control of an affected system, according to an advisory from Secunia, a security company based in Denmark.

IBM-owned ISS X-Force detailed on its site the kind of damage that could be caused by the vulnerability.

"This could lead to loss of confidential information, disruption of business, or further compromise," according to the security company.

For the vulnerability to be exploited, a user would have to visit a malicious website, Secunia said.

In a note posted to the company's site, Microsoft acknowledged that the bug is already being exploited.

"We are aware of limited attacks that are attempting to use the reported vulnerability," Microsoft said.

Some of the software that may be affected includes Windows 2000, Windows XP Service Pack 2 and Windows Server 2003.

People running Windows Server 2003 and 2003 Service Pack 1 in the default configuration with the Enhanced Security Configuration turned on aren't affected, Microsoft said.

Microsoft will determine, based on "customer needs", whether to release a patch during the company's monthly release process or an "out-of-cycle security update", the company said.

Microsoft's next patch release day is 14 November.
