Dangers Lurking on Web Pages & in E-mail

A remote control vulnerability exists in Microsoft Windows – particularly Internet Explorer. A user could infect his/her computer by visiting a Web page or viewing an HTML e-mail message that an attacker has configured to exploit this vulnerability. A successful attacker could take complete control of an infected system. Anti-virus and anti-spyware software will NOT protect against this type of problem.

Microsoft has released a patch for this bug. Thus, users should be sure that Windows Update has been run. A web page to test whether your computer is correctly patched is available at http://www.isotf.org/zert/testvml.htm. If Internet Explorer locks up and/or crashes when trying to load this page, then your computer is not patched for this problem. If your computer is patched, then the page will load and 2 colored boxes will appear on the screen.

The SunbeltBlog was one of the first to report this exploit. On Tuesday, the Microsoft Security Response Center Blog posted an advisory regarding the VML exploit. According to the blog:

We’ve also been adding detection to our various offerings. Customers can also visit Windows Live OneCare Safety Scanner and are encouraged to use the Full Service Scan option to check for and remove malicious software that take advantage of this vulnerability. Also, Windows Live OneCare users who’s current status is green, are already protected from known malware that uses this vulnerability to attempt to attack systems.

Technorati Tag: Security, Computers, Windows, VML

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s