New Zero-Day Vulnerability In Windows - Slashdot

Become a fan of Slashdot on Facebook

×

New Zero-Day Vulnerability In Windows 231

Posted by Zonk on Saturday November 04, 2006 @11:44PM from the worst-day-of-the-week dept.

Jimmy T writes "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. Both companies states that the vulnerability is currently being exploited by malicious websites. One attack vector is through Internet Explorer 6/7 — so be aware where you surf to."

This discussion has been archived. No new comments can be posted.

New Zero-Day Vulnerability In Windows

Search 231 Comments Log In/Create an Account

Comments Filter:

Re:Seriously, Is Firefox susceptible to this too? (Score:5, Informative)

by Shados ( 741919 ) writes: on Sunday November 05, 2006 @12:37AM (#16722023)

Yes and no. This flaw is specific to XMLHTTP, which is kind of developed independantly. You also can use XMLHTTP without using IE at all, thats why I say its independant. Its probably a buffer overflow, and not much to do about it in this case. So yes IE7 has a flaw, but there really isn't anything they could do in the current context. -HOWEVER-, while IE7 is more secure than IE6 in a million ways, the WinXP version is nothing but a shadow of the real thing. The sandboxed IE7 is on Vista only, and I'm pretty damn sure this vulnerability is not an issue there. Anyway, so its more semantic here, but you could say "yes, IE7 has a vulnerability". however, its a little bit like if there was a vulnerability in KDELIB across the board...obviously that would touch Konqueror, no matter how secure Konquerer itself is... Can't excuse that one though. IE7 on XP is far, far from secure. More secure, but not secure.

Parent Share
twitter facebook
Re:Seriously, Is Firefox susceptible to this too? (Score:3, Informative)

by uhlume ( 597871 ) writes: on Sunday November 05, 2006 @12:55AM (#16722127) Homepage

Only by virtue of Microsoft's attempt to provide backward compatability for AJAX sites developed for older versions of IE.

Prior to IE7, the XMLHTTP object, used to retrieve data from external sources without full-page reloads, was provided by an external ActiveX control. With IE7, Microsoft has implemented XMLHTTP natively in-browser, rendering the ActiveX control unneccesary -- however, it's still possible for older sites which haven't yet been rewritten to take advantage of native XMLHTTP support to load the ActiveX version.

The good news is, if you don't mind breaking the many AJAX-reliant sites which still use the old-style XMLHTTP object, you can disable it completely through IE7's (and IE6SP2's) Add-on management.

Parent Share
twitter facebook
No 2003? Someone can't read. (Score:3, Informative)

by flyingfsck ( 986395 ) writes: on Sunday November 05, 2006 @03:40AM (#16722879)

From Secunia, the vulnerable versions are:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

413 commentsChatGPT Leans Liberal, Research Shows
347 commentsAmazon CEO Says 'It's Probably Not Going To Work Out' For Employees Who Defy Return-to-Office Policy
327 commentsHotel Owners Start To Write Off San Francisco as Business Nosedives
323 commentsChina is Building Nuclear Reactors Faster Than Any Other Country
315 commentsChina is Calling in Loans To Dozens of Countries

Intel CPUs are not defective, they just act that way. -- Henry Spencer