Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Warns of New Video ActiveX Vulnerability

Posted by Soulskill on from the like-one-of-those-pothole-signs dept.

ucanlookitup writes "Microsoft has warned of a 'privately reported' vulnerability affecting IE users on XP or Windows Server 2003. The vulnerability allows remote users to execute arbitrary code with the same privileges as the users. The vulnerability is triggered when users visit a web site with malicious code. 'Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability.' The advisory can be found at TechNet. Until Microsoft develops a patch, a workaround is available."

9 of 146 comments (clear)

  1. Oh well. by A.+B3ttik · · Score: 3, Funny

    affecting IE users on XP

    Good thing none of them read Slashdot.

  2. better workaround by DanWS6 · · Score: 5, Funny

    http://www.mozilla.com/en-US/firefox/

  3. Re:Isolate! by lxs · · Score: 2, Funny

    I don't know, but I bet that the Phantom wouldn't like it.

  4. But... by goobermaster · · Score: 2, Funny

    But BonziBuddy told me that ActiveX was working perfectly! How can a purple monkey that helps me to remember all my credit card numbers lie???

  5. Hi, I'm a mac by Em+Emalb · · Score: 2, Funny

    I have nothing further to say, I just wanna stand here in my black turtle-neck with my cup of coffee looking smug. /typed on my MBP, so simma-down now fan boys... ;-P

    Seriously, this exploit sucks. I've gotta patch a butt-load of computers today now. Thanks a lot MS. Anyone know if the MSI file has a silent install option? Or can it be done via GPO?

    I just walked in, this smacked me right in the face this am. Damnit.

    --
    Sent from your iPad.
  6. couldn't microsoft by circletimessquare · · Score: 4, Funny

    just warn us when they have found no exploits at all?

    meanwhile, we would just assume the default status is that everything is exploitable

    it would cut down on the announcements by an order of magnitude

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. Re:Simplest workaround by Anonymous Coward · · Score: 1, Funny

    thousand grateful thanks son! hey, why tax website is not loading anymore?

  8. Active X... by TriZz · · Score: 2, Funny

    ...will soon be added to the Thesaurus as a synonym of "Vulnerability".

    --
    No matter how hot a girl is - some guy somewhere is sick of her shit.
  9. Re:Isolate! HA! by VulpesFoxnik · · Score: 2, Funny

    NOT use an OS that allows executables to do anything with the kernel via an untrusted WEB PAGE

    So I guess you don't use any Operating System then?

    No, He prefers to communicate using God's language, machine code.

    --
    RES PUBLICA NON DOMINETUR