New Zero-Day Vulnerability In Windows 231
Jimmy T writes "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. Both companies states that the vulnerability is currently being exploited by malicious websites. One attack vector is through Internet Explorer 6/7 — so be aware where you surf to."
Just curious (Score:3, Insightful)
Does anyone actually know anyone that has been affected by any of these exploits? Seems to me that the odds of actually visiting a site that "runs" the exploit is incredibly low.
"Trusted" Websites (Score:3, Insightful)
Re:Just curious (Score:3, Insightful)
The attack vector is a link to the bogus page. Now, how do you get a link to a user and make him click? Usually this is done either by email (click here for big boobs or fat cash) or on a webpage (same).
In the meantime, you can also have it on a banner, where the one wanting to infect you buys ad space on a
Well, technically, you get free software...
Re:"Trusted" Websites (Score:3, Insightful)
Re:The best solution (Score:2, Insightful)
He isn't. He said that the most certain way of avoiding vulnerabilities is not to be connected to the 'net. That's true, right?
You said:
> The computer I had before my current laptop got incredibly bogged down with
> viruses that entered the system through a variety of means.
> Eventually I found it to be unusable, and switched it to Linux.
and then went on to say:
> Let me reiterate that I have never had a problem with viruses.
Sounds to me like you have had a problem with viruses; so much so that you found they made your computer unusable.
Re:The best solution (Score:3, Insightful)
Have you seen the 'mitigating factors from the MS advisory? They're hilarious:
Ahh, easy. Don't click links on the web then.
That's good, the first thing Aunt Nelly does with her new PC is set up a LUA account.
Put malicious sites in the Restricted Zone first, good advice - can we have a list of them please? Before anyone suggests turning off Active Scripting, that causes IE to display a warning message box every time you visit a site with Flash, making it unusable.
A much better mitigating factor would be that over 10% of users can't run ActiveX because they are using Firefox or Linux.