[ISN] Attack code targets new IE hole

From: InfoSec News (alerts@private)
Date: Fri Sep 15 2006 - 02:51:41 PDT


http://news.com.com/Attack+code+targets+new+IE+hole/2100-1002_3-6115966.html

By Joris Evers
Staff Writer, CNET News.com
September 14, 2006

Computer code that could be used to hijack Windows PCs via a
yet-to-be-patched Internet Explorer flaw has been posted on the Net,
experts have warned.

The code was published on public Web sites, where it is accessible to
miscreants who might use it to craft attacks on vulnerable Windows
computers. Microsoft is investigating the issue, the company
representative said in a statement Thursday.

"Microsoft's initial investigation reveals that this exploit code
could allow an attacker to execute memory corruption," the
representative said. As a workaround to protect against potential
attacks, Microsoft suggests Windows users disable ActiveX and active
scripting controls.

The flaw is due to an error in an ActiveX control related to
multimedia features and could be exploited by viewing a rigged Web
page, Symantec said in an alert sent to users of its DeepSight
security intelligence service Thursday. An attacker could commandeer a
Windows PC or cause IE to crash, the security company said.

IE versions 5.01 and 6 on all current versions of Windows are
affected, the French Security Incident Response Team, or FrSIRT, a
security-monitoring company, said in an alert Wednesday. FrSIRT deems
the issue "critical," its most serious rating. Microsoft noted that
Windows 2003 running Enhanced Security Configuration is not affected.

Upon completion of its investigation, Microsoft may issue a patch for
the flaw as part of its monthly release process, the company said.  
Microsoft is not aware of any attacks that attempt to exploit the new
IE vulnerability at this time, it said.

The warning of the new flaw comes only days after Microsoft released
its September patches. On Tuesday it released three updates, two for
Windows and one for Office. The software maker also released a third
version of an Internet Explorer fix after it botched the first two
versions of the patch.

In recent months, word of new attacks has repeatedly followed shortly
after "Patch Tuesday." Some experts believe the timing of the new
attack is no coincidence, suggesting that attackers look to take
advantage of a full month before Microsoft is scheduled to release its
next bunch of fixes.


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Fri Sep 15 2006 - 03:04:16 PDT