English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

Symantec - Hackers Intensify Attacks to Exploit Vulnerability in Windows XP & Server 2003

Symantec (an online security company) states that an unpatched vulnerability in Microsoft Server 2003 and Windows XP has been included to a multiple attack toolkit for exploitation. This inclusion of vulnerability shows that attacks will rise in future.

The security company states that the exploit of DirectShow bug, which has been circulating on the Internet and recognized by Microsoft one month back, has been added to a web-based attack toolkit. Liam Murchu, a researcher working with Symantec's security response group, says that this will result in high volume use of the exploit in a short time, as reported by Computerworld on June 22, 2008.

To exploit this flaw, hackers are presently luring users to a malicious webpage. Among other methods, hackers have become proficient in doing this by fixing iframe tags in authentic pages. This is the most explicit attack vector. It has been observed that the iframe tags point to the exploit inside phishing pages, and the insertion of iframe tags in pages is expected to rise in coming days.

The flaw exists in the code within Microsoft DirectX and can be activated by a specially designed QuickTime media file. The web pages of hackers will attempt to play the malicious QuickTime file, not accessing the QuickTime player, instead uses the Windows Media Player. This will activate the flaw and enable hackers to insert code in the visitors' systems.

Microsoft has not released fix for the DirectShow bug which attacks Windows 2000, Server 2003 and XP, but doesn't the latest Windows Vista and Server 2008. The vulnerability doesn't target upcoming Windows 7.

Microsoft Corp. says that till the last week of May 2009, attackers targeted the flaw for the third time in the last 3 months (March-May). They had already caution that attackers were exploiting an unpatched critical flaw in their software.

Further, Microsoft released a security advisory that claimed hackers had already been accessing attack code that exploited a bug in DirectX, a Windows subsystem important to games and is accessed to play streaming videos downloaded from sites.

Unlike other latest exploits of Microsoft zero days, flaws that have not been patched by the attack code come into notice the DirectShow assaults are not targeting particular businesses or individuals.

» SPAMfighter News - 03-07-2009

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>