Thursday, March 29, 2007 3:37 PM
cmosby
McAfee Avert Labs Blog - Unpatched Drive-By Exploit Found on the Web (Follow-Up)
Unpatched Drive-By Exploit Found on the Web (Follow-Up)
Thursday March 29, 2007 at 9:31 am CST
Posted by Craig Schmugar
Trackback
In response to this issue, Microsoft has posted Security Advisory 935423. Microsoft states the following operating systems are vulnerable:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Vista
Last night I had a chance to test Vista’s vulnerability. In the process of setting up the environment, I dragged and dropped a malicious ANI file to the desktop. This causes Vista to enter an endless crash-restart loop. I captured a video of this occurring.
(Blogger's Note: Check out the link below for video)
Note, this crash-restart doesn’t represent current real-world attacks, which are delivered over the Web. Those attacks would likely come through a Web browser.
Source: Computer Security Research - McAfee Avert Labs Blog
Filed under: Security and Anti-Virus, Patch Management, Microsoft Windows, AntiVirus Information, Internet Hacks