New Zero-Day Vulnerability In Windows 231
Jimmy T writes "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. Both companies states that the vulnerability is currently being exploited by malicious websites. One attack vector is through Internet Explorer 6/7 — so be aware where you surf to."
Re:Seriously, Is Firefox susceptible to this too? (Score:5, Informative)
Re:Seriously, Is Firefox susceptible to this too? (Score:3, Informative)
Prior to IE7, the XMLHTTP object, used to retrieve data from external sources without full-page reloads, was provided by an external ActiveX control. With IE7, Microsoft has implemented XMLHTTP natively in-browser, rendering the ActiveX control unneccesary -- however, it's still possible for older sites which haven't yet been rewritten to take advantage of native XMLHTTP support to load the ActiveX version.
The good news is, if you don't mind breaking the many AJAX-reliant sites which still use the old-style XMLHTTP object, you can disable it completely through IE7's (and IE6SP2's) Add-on management.
No 2003? Someone can't read. (Score:3, Informative)
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional