Topic: New critical MS vulnerability being exploited in the wild

Wiz Feinberg
From: Mid-Michigan, USA
Posted 9 Jul 2009 8:49 am

Yesterday, July 8, I wrote an article on my blog describing an unpatched vulnerability in an ActiveX Control in Internet Explorer, which has been targeted over the last 4 or 5 days by hackers. The exploit code for the vulnerable file has been added to hacking kits and was deployed over the last weekend on compromised servers/websites in China. This was done by hacking tens of thousands of websites that use insecure PHP scripts that are known to be exploitable. The hackers succeeded in this exploit attack and have spread it to target all websites, everywhere. Unsuspecting visitors to any of those websites will be redirected to hostile servers in China and Russia, where over a dozen different exploits will be directed at their browsers.
Security people are saying that this could turn into another Conficker-like incident, unless people take action to protect their own PCs. I have listed several steps you can take to protect your PCs from this new attack vector. Please read my blog article for the details and take whatever proactive action you are capable of.
Microsoft plans to release a patch for this "DirectShow" vulnerability in a timely fashion ... on July 14.
If you are a Webmaster, please review all PHP scripts in use to ensure that you are using only the most recent patched versions. Read your access logs to see if any XSS injection attempts (sIncPath) show a server 200 response, which indicates success (they should all be 403, 404, or 405 failures). The included files usually are BotId1.txt, Id1.txt, or similar names and the user agents are usually "Mozilla/5.0" or "libwww-perl/5.803". Block those user agents in your .htaccess files, plus all includes (sIncPath=http) with a URL that is not part of your own website.
If you need professional assistance securing your websites there is a link to my Webmaster Services page in my signature.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services
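
The access-log review described in the post above, as an added example that is not part of the original post: it assumes Apache "combined" format logs and flags any query parameter (sIncPath or any other, a generalization of the post's case) whose value is a URL outside your own site, marking the requests that were answered with 200. The sample lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log format (assumed; adjust the pattern for other formats).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.I)

# Constructed sample lines (documentation IPs and example.* hosts), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Jul/2009:03:12:44 -0400] "GET /gallery/index.php?sIncPath=http://files.example.net/Id1.txt? HTTP/1.1" 200 5120 "-" "libwww-perl/5.803"',
    '203.0.113.9 - - [08/Jul/2009:03:15:02 -0400] "GET /index.php?sIncPath=http%3A%2F%2Ffiles.example.net%2FBotId1.txt%3F HTTP/1.1" 403 312 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [08/Jul/2009:09:01:10 -0400] "GET /index.php?sIncPath=http://www.example.com/inc/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"',
    '192.0.2.60 - - [08/Jul/2009:09:02:31 -0400] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"',
]

def listed_ua(ua):
    """User agents the post names; bare "Mozilla/5.0" is read as the whole string."""
    return ua == "Mozilla/5.0" or ua.startswith("libwww-perl/")

def remote_host(value):
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:          # malformed URL: treat as off-site
        return ""

def scan(lines, own_hosts):
    """Return one finding per request whose query string carries an off-site URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
        for name, value in parse_qsl(urlsplit(m["target"]).query):
            if REMOTE_RE.match(value) and remote_host(value) not in own_hosts:
                findings.append({
                    "ip": m["ip"], "param": name, "included": value,
                    "status": int(m["status"]),
                    "served": m["status"] == "200",  # 200: the request was not refused
                    "listed_ua": listed_ua(m["ua"])})
                break
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG, {"www.example.com", "example.com"}):
        print("INVESTIGATE" if f["served"] else "refused", f)
```

Findings with `served` set are the ones to investigate first; the rest show that the server refused the request, as the post says they all should.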

Jon Light
From: Saugerties, NY
Posted 11 Jul 2009 5:24 am

I had read about this last week and it sounded sort of like an emergency. Can it be summed up as simply as to say that if I do not use IE--I only use Firefox--I am not vulnerable, no worries?
Also---I opt for auto-notify me but take no action for my updates (Vista). Is there a way to get rid of the IE8 notification? I have no interest in it or intention to download it but it is ever-present as an important update (and hence, the update icon is ever-present on the task bar.) This is not very important and I have no interest in lifting more than a half a finger to fix this but I would prefer to save alerts for real updates that pertain to me and my diverse interests.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 11 Jul 2009 1:59 pm

Jon Light wrote: |
I had read about this last week and it sounded sort of like an emergency. Can it be summed up as simply as to say that if I do not use IE--I only use Firefox--I am not vulnerable, no worries? |
A qualified yes. You must also not use any Microsoft email clients, like Outlook or Outlook Express/Windows (Live) Mail, because they all use the IE HTML rendering engine to display HTML email content. If you use Thunderbird as your email client and Firefox as your browser you are safe from this exploit vector.
Quote: |
Also---I opt for auto-notify me but take no action for my updates (Vista). Is there a way to get rid of the IE8 notification? I have no interest in it or intention to download it but it is ever-present as an important update (and hence, the update icon is ever-present on the task bar.) |
You can disable further notifications to download IE 8. Double click on the Windows Update icon when it appears in the Systray. Select Custom Installation (bottom radio option). IE 8 will be listed, with a checkbox before it. Uncheck the checkbox and click OK. Nothing will be installed, unless other updates are currently available. You will be notified that WUS will not notify you about the deselected update again.
Note that, as a Vista user, you may encounter a forced Windows Update during a shutdown sequence, and if IE 8 is not already deselected, it will be installed automatically, behind your back.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services

Jon Light
From: Saugerties, NY
Posted 12 Jul 2009 5:28 am

Thanks, Wiz. Couldn't find any custom installation button---could be the Vista skin I'm using or something. I did find that I could right click on the IE8 item (and uncheck it) and get the option to hide it. Looks like that does it. We'll see.