WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Watch Out for an IE Zero-Day Attack
There's no fix yet available for the latest attack against Microsoft's browser.
Erik Larkin
Microsoft yesterday warned of a new attack underway against a flaw in the ActiveX control for the Snapshot Viewer for Microsoft Access, used by IE. There is not yet any patch available for the zero-day security hole, and the attacks likely focus on business targets.
In its security advisory, Redmond says the vulnerable control installs with "all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer." A poisoned Web page that exploits the hole could surreptitiously download malware to a victim PC.
"Active, targeted attacks" are underway on a relatively small scale, according to the advisory. Targeted attacks typically involve more careful planning and crafting, and may use a victim's name and title in a socially engineered e-mail with a link to a malicious site, for example. I usually only see targeted attacks against businesses, which fits given the vulnerability in Microsoft Access. So watch out for this while you're at work.
The US-CERT vulnerability report doesn't inspire hope: "We are currently unaware of a practical solution to this problem." You can set what's known as a kill bit for this particular ActiveX control to prevent it from running in IE, but doing so could prevent you from viewing Access report snapshots, and it involves mucking with the Windows Registry. See this Microsoft Support Page for kill bit instructions (the CLSID is in the security advisory).
The US-CERT report also says that IE 7's ActiveX opt-in feature should help mitigate the vulnerability, which the Microsoft advisory surprisingly doesn't mention. That should mean that you'd get a prompt before running the control on a poisoned page, and would have a chance to stop it before it attacked your computer.
If you have the choice, it may be a good idea to use Firefox until this hole is fixed. And if you're still on IE 6 at work, hammer on your IT to get you upgraded. Every security expert I talk to says you're basically asking for it if you surf the web with the outdated browser. If there's a particular in-house app that only works with IE 6, then use Firefox as your default Web browser, and only fire up IE 6 for that old app.
With HP wireless printers, you could have printed this from any room in the house. Live wirelessly. Print wirelessly.
PCW Download Guide
8 Useful Mobile Tools
Related Articles
- Obama Beats McCain as Spam Target A spam-off shows bulk mailers are far more likely to use Obama's name in the subject line.
- Google's Web 2.0 Services Invite Spam Spammers crate bogus YouTube and Blogspot accounts to promote services and lure users to spam domains, security firm reports.
- Don't Buy Antivirus Software, Vendor Says Threats today go far beyond viruses, so a standalone solution won't make it, Trend Micro manager says.
- 'Ransomware' Virus-Writer Identified When the alleged creator of an infamous virus tried to negotiate, security firm Kaspersky Lab helped track him down.
- Web Gives Hackers More Territory, Tools The Web is emerging as the preferred platform for security attacks and no longer just the users' PCs, security experts warn.
-
CDW Security Center Is your data protected? Visit the CDW Security Center Learn where you may be vulnerable and how to address those risks.
-
Asus Laptop Showcase Ultra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more...
-
HP Ink Center Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...
PC World's Marketplace
PC World's Free Whitepapers
"Watch Out for an IE Zero-Day Attack" Comments