8/18/2005

Microsoft Warns of IE Zero-Day Exploit

Filed under: — By Aviran Mordo @ 9:29 pm

Microsoft late Thursday issued an advisory with pre-patch workarounds to counter the public release of a zero-day exploit targeting users of its Internet Explorer browser.

The release of the advisory comes less than 24 hours after the FrSIRT (French Security Incident Response Team) published a proof-of-concept exploit that could be used by malicious hackers to target IE users.

The flaw is described as an error in the way IE handles the “Msddds.dll” COM object.

There is no patch available for the vulnerability and, because exploit code has already been released, incident handlers at the SANS ISC (Internet Storm Center) believe a widespread attack is very likely.

Security alerts aggregator Secunia Inc. rates the vulnerability as “highly critical” and warned that a successful exploit may allow the execution of arbitrary code. However, a malicious hacker must first trick a user into visiting a specially crafted Web site to launch an attack.

According to Microsoft Corp.’s advisory, an attacker could target the hole to “take complete control of the affected system.”

Microsoft plans to release a security bulletin with patches for the flaw – either through the monthly update process or with an out-of-cycle release.

In the absence of a patch, the company has published detailed workarounds and mitigation guidance to help block known attack vectors.

Source: eWeek

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress