iTWire - Microsoft admits Windows XP is under attack!

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Microsoft admits Windows XP is under attack!

Microsoft admits Windows XP is under attack!

E-mail

by Davey Winder
Tuesday, 07 July 2009
A no-click vulnerability which impacts Windows XP users has been revealed by Microsoft which admits it is already being exploited in the wild. With the Russian government gunning for Microsoft because of it, and cash machines using it revealed to be stealing PIN codes, things couldn't get much worse for Windows XP right now could they? Featured Whitepaper 5 Best Practices for Smartphone Support Well, yes, actually they could. A lot worse. Microsoft has issued a Security Advisory (972890) which details a vulnerability for the Microsoft Video ActiveX Control in Windows XP that could allow 'no-click' remote code execution. Microsoft, which admits to being "aware of attacks attempting to exploit the vulnerability" says that an attacker who is successful in exploiting the vulnerability could gain the same user rights as the local user. When you combine Windows XP (and Windows Server 2003 for that matter) with Internet Explorer 6 or 7 (although security analysts suggest that IE 8 is OK) that code execution becomes remote and does not require any user intervention. Although Microsoft does say that there are "no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control" it is recommending removing support for this ActiveX Control within Internet Explorer. Indeed, it is even recommending that Windows Vista and Windows Server 2008 customers remove support as well, even though there is no evidence to suggest they are impacted by the vulnerability, as a defense-in-depth measure. Microsoft is working on a security update to address the vulnerability, but in the meantime, instructions to remove support can be found in Knowledge Base Article 972890. Tags See All Tags Advisory Davey Winder Exploit Microsoft OS Security Software Vulnerability Windows Windows XP Zero Day Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking