Microsoft ActiveX Attacks To Surge
InfoWorld is reporting that the script kiddies now have tools to exploit an unpatched ActiveX security vulnerability.
The vulnerability poses a special danger since the ActiveX control is digitally signed by Microsoft, which means that people who have Internet Explorer configured to trust ActiveX controls with that designation would run it automatically if encountered on a Web page.
Some of the Web pages that were hacked with automated SQL injection attacks earlier this year are also hosting the Microsoft Access attack, according to Symantec's Sean Hittel.
"As is the case with most of these ActiveX attacks, they are being served by traditional Web sites that have themselves fallen victim to automated SQL injection attacks," Hittel wrote on a Symantec forum. "In the past, we have seen government, commercial, and hobby sites fall victim to these SQL injection attacks and subsequently begin serving exploits to each of their visitors."
While InfoWorld notes that Microsoft has offered some suggestions to mitigate attacks, I further suggest that no one should be using Microsoft Internet Explorer as it frequently opens your system to unpatched vulnerabilities.
[Symantec: Microsoft Access ActiveX attacks will intensify]