In the wake of a huge Patch Tuesday, Microsoft has two new fires to fight. There are apparently “limited and targeted” attacks against a flaw in the Text Converter component of WordPad. Affected systems include Windows 2000 SP4, XP up to SP2, and Server 2003 SP1 and SP2. Vista, Server 2008, and XP SP3 are not affected. Read on for more on this one (AND the Explorer 0-day).
This particular exploit requires user interaction. It seems to be exploited by sending a specially crafted file as an email attachment: the user clicks to open it and they’re bit.
Computer World has more details.
On the OTHER front, that is, Internet Explorer:
SANS is reporting a 0-day vulnerability in the wild for Internet Explorer that affects a fully patched XP system (yes, INCLUDING December’s Patch Tuesday updates). The exploit is not in wide use currently, but the source code is available, so... buckle up, it’s going to be an interesting month. I wonder if we’ll see them actually break their patch cycle for this one. It would be a GOOD candidate to patch before the holidays.
It looks as though the XML parser is under attack in this one. The attack checks that it is running on Internet Explorer 7, on Windows XP or Windows 2003, and runs only there.
They haven’t tested on Internet Explorer 6 or Vista.