Microsoft warns of serious computer security hole

July 6, 2009 By JORDAN ROBERTSON, AP Technology Writer

(AP) -- Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating systems.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

---

On the Net:

Microsoft support page: http://tinyurl.com/kwh8ls


©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.



  • gmurphy - Jul 06, 2009
    • Rank: 5 / 5 (1)
    yet another triumph of mediocrity for Microsoft
  • dirk_bruere - Jul 06, 2009
    • Rank: 5 / 5 (1)
    Yet another reason to stay well clear of IE
  • jimbo92107 - Jul 06, 2009
    • Rank: 5 / 5 (3)
    Another reason to try Linux.
  • DGBEACH - Jul 06, 2009
    • Rank: not rated yet
    Right on jimbo!
  • LuckyBrandon - Jul 07, 2009
    • Rank: 5 / 5 (1)
    ok yes, it's definitely a security flaw, but hardly one that can be entirely blamed on microsoft.

    first off, the article states the typical method it uses to get people to the site is a link in spam mail...

    "Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail."

    ok so that's ID10T user right fkn there right....

    Second off, which the article doesn't provide enough info, depending on HOW it exploits IE and the OS, it may be preventable, however, IF the default security settings on the OS of any given windows version are not locked down enough out of the box, that could of course open MANY holes..

    But before you no MS likers actually swear off of Microsoft, you should look at the abilities to lock down the OS (at least in the "professional", "business", "ultimate", and server editions of every OS since Win2000)...most exploits can be prevented, as long as you know how you're being attacked :)
  • Dig - Jul 07, 2009
    • Rank: 5 / 5 (3)

    "ok so that's ID10T user right fkn there right...."

    LuckyBrandon, haven't you learned that here in the USA all the smart people are responsible for protecting the dumb people from themselves? That's why we have so many lawyers. LOL.

    I know how to fix this.... send a spam email that goes to a site that explains to people (in simple terms) the dangers of clicking on links in spam emails. Oh, and put the words "Click me first" in the subject line!!!! LOLOLOLOL :)
  • LuckyBrandon - Jul 07, 2009
    • Rank: not rated yet
    LMAO

    I like it Dig :D
  • Damon_Hastings - Jul 11, 2009
    • Rank: not rated yet
    All kidding aside, these security holes are a serious problem. The compromised computers are often used as a platform to launch massive cyberextortion attacks against anyone who refuses to pay a ransom. These DDoS attacks are very much on the rise, as they are generally successful, profitable, and untraceable -- and it usually costs more to defend against them than to pay the ransom. Also, the extortionists launch these attacks at virtually no cost. These attacks are now happening at the rate of hundreds per DAY. On at least two separate occasions during a 2 year period, my own website was knocked out for several days as collateral damage. My website wasn't even the intended target, but the DDoS attacks were so massive and so successful that they each took out hundreds of websites which just happened to be too close to the target. I only know this because I knew one of the datacenter techs that worked on it; they were telling everyone else that it was "unscheduled maintenance". I have since changed datacenters, but this does not seem to have reduced the incidence of "unscheduled maintenance."



    I don't think Microsoft has a responsibility to protect people from their own stupidity; but I do think they have a responsibility to prevent their software from being weaponized into a platform for attacking and extorting innocent people.
  • EvgenijM - Jul 12, 2009
    • Rank: not rated yet
    I'm glad I am using Linux. Even if someone writes a virus for all Linux browsers - the virus will still need root access. This means that even if the virus executes - it won't be able to do anything with the system itself.
  • frogz - Jul 13, 2009
    • Rank: not rated yet
    Bah.. just reboot. Everything will be just fine.
  • LuckyBrandon - Jul 15, 2009
    • Rank: not rated yet
    damon - the same can be said for any OS, as any OS technically could be weaponized. But who cares about hijacking 20 unix based systems when there are 20,000 windows systems. the problem is, you can't find all exploits before a malicious individual does (maybe in the quantum days it will be)...

    evgen - if you put 20,000 linux systems out there in place of windows, i guarantee you that would not be a problem for long at all
