New ‘SetSlice’ Flaw in IECriminal bands began aiming at an un-patched security hole in Internet Explorer browsers, recently. Consequently, the 'SANS Institute's Internet Storm Center' notified its 'Internet danger warning' level to "yellow" during the weekend. The exploit, called "In the Wild", set against the newest un-patched Windows flaw has started spreading. It is using Internet Explorer as the attack probe to install 'identity theft' trojans and 'rootkits' on compromised PCs. Security researcher H.D. Moore's 'proof-of-concept-code' demonstrates how a virus in the "setslice( )" method in IE's "WebViewFolderIcon" Active X control can help to run malicious code on a compromised system. The basic cause of the problem is an 'integer overflow' in a central Windows component called COMCTL32.DLL, that is utilized by many programs. As said by Determina's Alex Sotirov, the 'WebViewFolderIcon Active X control' might be only one attack probes for this susceptibility from many more. This Windows virus can be manipulated to load spyware on PCs just by visiting a malicious site on Internet Explorer or opening a specially designed e-mail. Although Microsoft has declaration that users running "Windows Server 2003" and "Windows Server 2003 Service Pack 1" as default configurations along with the 'Enhanced Security Configuration' would not be affected. The increase in attacks using "setslice()" method are different from VML attacks that used some other Internet Explorer flaw, said security experts. The emergency patch for that flaw was issued by Microsoft. Microsoft recommends IE users to discard instantiating the Active X control by turning on the 'kill bit' in the registry for CLSIDs {844F4806-E8A8-11d2-9652-00C04FC30871} and {E5DF9D10-3B52-11D1-83E8-00A0C90DC849}. It also asks to keep anti-virus update and look for Microsoft patch. In addition, SANS urged administrators to ask their users to not use IE for a while. Some other tips include upgrading IE to IE 7 version, which is unaffected by these kinds of bugs. It is not safe to open unexpected attachments. If an e-mail appears doubtful, it is better to confirm about the file sent by the sender. And all e-mail attachments should be scanned with anti-virus software before opening or downloading them. Related article: New Zealand Releases Code To Reduce Spam » SPAMfighter News - 10/7/2006 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
