Jump to content
Posted 28 September 2006 - 10:28 PM
Posted 29 September 2006 - 10:08 AM
Posted 29 September 2006 - 10:28 AM
Published: September 28, 2006
Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.
The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View...
Posted 29 September 2006 - 12:12 PM
More zero-day attacks plague Microsoft users
Security researcher HD Moore published a module for the Metasploit framework this week that includes exploit code for a previously unknown Windows shell vulnerability.
Microsoft warned users of the issue on Thursday in a security advisory, saying that public report have pinpointed an ActiveX component as the source of the vulnerability, but that component merely exposes the vulnerable Windows shell. The flaw affects every version of the operating system, except for default installations of Windows 2003, the company said.
"Not everything that counts can be counted, and not everything that can be counted counts."
"Whoever fights monsters should see to it that in the process he does not become a monster"
Posted 03 October 2006 - 10:58 AM
0 members, 0 guests, 0 anonymous users