0-day bug shatters Windows | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
Search Engine Link Spam
Risks, Threats, Solution
Solution Brief: Reduce Energy Costs
With Green IT Solutions
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security » Anti-Virus »

0-day bug shatters Windows

Mother, it's happening again

By John Leyden → More by this author

Published Monday 6th November 2006 14:30 GMT

Security researchers have identified an unpatched vulnerability in Windows. The flaw - which affects all supported versions of Windows bar Windows 2003 - resides in a security bug in Microsoft XML Core Services, specifically an unspecified security bug in the XMLHTTP 4.0 ActiveX Control.

The flaw creates a means for hackers to inject malware onto the PCs of surfers running IE who visit a website hosting malicious code that attempts to harness the security bug. Security notification firm Secunia says that the vulnerability is being actively exploited by hackers.

Microsoft has posted an advisory conceding the problem and suggesting possible workarounds, which basically involve disabling the affected ActiveX control, ahead of the arrival of a patch. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Acer 'preloads vulns' onto notebooks (10 January 2007)
IE 'unsafe' for 284 days last year (5 January 2007)
MS preps six fixes for November Patch Tuesday (10 November 2006)
Attackers end-run around IE security (8 November 2006)
Web viruses drop off despite IE exploit flap (18 October 2006)
Mozilla flaws more joke than jeopardy (5 October 2006)
Unofficial patches defend against further IE flaw (3 October 2006)
Another day, another zero-day MS exploit (28 September 2006)
Trojan targets 0-day Word vuln (5 September 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Enforce Your Email and Web Acceptable Usage Policies

Unmanaged employee use of email and the web can subject any organization to costly risks. Learn how clearly written Email and Web Acceptable Usage Policies (AUPs) can protect your business.

Whitepapers	Jobs
Mobile Computing : Opportunities and Risk A Modern-Day Marriage of Business Benefit and Risk Reduction The Perfect (Virtual) Marriage Creating Cross-Platform Visualization UIs with Qt and OpenGL	Business-minded Perl Hacker for Fast-Growing Biotech Company NMS Integration Developer for Telecommunications Network Operations Engineer/ Perl or PHP Programmer for a Media Related Company Experienced Perl Developer Perl Developer

Top 20 stories • All The Week’s Headlines • Archive • Search