TechTarget

Microsoft yet to patch XP security flaw

Microsoft has yet to release a work-around or patch to fix a serious problem in Windows XP affecting any Web applications running on a PC with Internet Explorer 7.0 installed.

Hackers have already successfully used the flaw to target Acrobat 8. Security experts have warned that the flaw could impact applications such as Skype and Firefox.

The Acrobat attack, called PDFex, was the third most virulent virus, according to monthly statistics from anti-virus security company Sophos.

"PDFex only started to circulate at the very end of the month, but still managed to account for more than 13% of all e-mailed malware during October. It was heavily spammed out between 26-28 October, and during that period, it accounted for a staggering two-thirds, or 66%, of all malware spread via e-mail," said Carole Theriault, senior security consultant at Sophos.

Microsoft's TechNet website said the problem was due to the way Windows incorrectly handles specially crafted URLs. "Applications that pass un-validated URIs or URLs to Windows can be leveraged to exploit this vulnerability," Microsoft said. The vulnerability is present in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed.

Microsoft warned that an attacker could attempt to leverage this vulnerability by embedding a specifically crafted URI or URL into an application and then convincing a user to perform an action that would trigger the vulnerability. For example, an attacker could convince a user to follow a link in an e-mail message, which could allow arbitrary code to be run in the context of the logged-on user.



