MS IE Javascript exploit for zero-day (0-day) vulnerability



An exploit for last weeks zero-day (0-day) javascript vulnerability in Microsoft’s Internet Explorer is in the wild. I saw this post from Sunbelt a couple nights ago go up and disappear, at the time I didn’t have long enough to read it… It’s back today and there are instructions for mitigating the risk. However, there is still no patch from Microsoft and no word on when to expect one. According to the Sunbelt post the exploit in the wild is being used for browser hijacking/spyware install stuff.


The Incidents.org handlers diary chimes in too musing on whether we’ll have an out of cycle patch, or if MS will wait until December 13th. MS has updated their security advisory, so Incidents is betting on an early/out of cycle fix. Hope that’s the case.

PC Pro also has an article on this today.

–update– 12/1/05–

The securityfix has it this morning along with connecting the dots to yesterday’s beta release of Microsoft’s antivirus software and promotion of the Windows Live Safety Center. The last time MS did antivirus, one of the big complaints was essentially lagging/sluggish response in the realm of updates (which for antivirus is critical). With the purchase of GeCad, they have a good antivirus structure, my main question will be if they can give the frequent updates it deserves. (With security patches now coming out only once a month, many times in spite of known vulnerabilities, I wonder…)

Anyway, Microsoft has an entry in their “Malicious software encyclopedia” for the worm installed by the “in the wild” exploit Trojan Downloader information.

The register has more on Windows OneCare Live beta. (OneCare is the name for Microsoft’s new antivirus package.)

Related Posts

Blog Traffic Exchange Related Posts
  • Symantec Antivirus Remotely Exploitable Vulnerability This is bad - whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they're waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus......
  • Worm bits US Customs? There is a report that a virus shut down the computer systems at US Customs. This made for long slow manual check for travelers entering the U.S. Thursday night is when this took place at a number of airports across the country. They say all has been restored to full......
  • Cleaning up after WMF Exploit - summary Can I say enough times that after a bad trojan infestation you should format and reinstall? I've cleaned up the infested image that I "sacrificed" to the WMF exploit and as I've said you're pestware install will likely be somewhat different. An exploit is just the road, the spyware and......
Blog Traffic Exchange Related Websites
  • Firewall Internet Security Firewall seems to be very popular these days. Firewall is the program that helps you to protect your digital world. There are many companies, which produce the firewall because of its tremendous demand. If you are using windows xp, there is default firewall software that you can use to furnish......
  • Review of Windows Live Writer When you find a tool that makes life easier, there is nothing more exciting. The need for corporations to simplify and systematize their processes has to do with working smart and taking advantage of things that allow workers to reach their goals without having to work quite as hard. One......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site