Attacks Against Unpatched Microsoft Bug Multiply
CWmike writes "Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat. Symantec, Sunbelt Software, and SANS' Internet Storm Center bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by IE to display Excel spreadsheets. There is no patch for the vulnerability; Microsoft didn't release one in today's Patch Tuesday. A temporary fix that sets the 'kill bits' of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection. Symantec raised its ThreatCon ranking to the second of four steps. "We're seeing it exploited, but currently on a limited scale," said Symantec's Ben Greenbaum. Sunbelt also bumped up its ranking, to high." Firefox users can't be too complacent; Secunia is warning of a 0-day in version 3.5.
Well, I guess I'm safe. At my workplace, my Red Hat 9 installation is incapable of running any version newer than Firefox 2.0.0.20.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Apparently everyone using IE or FF 3.5 is waiting for updates before posting.
Without an unsandboxed version of the Win32 API, which is what ActiveX is, they would be unable to deny the ability to use the internet to those without a recent version of Windows and Office.
My head didn't stay unexploded while I wasn't unreading this unstatement.