http://www.google.com/hostednews/ap/article/ALeqM5j5Xl8ruQxmd-Z9s0yQ96bBgNOacAD9996H7O0
http://support.microsoft.com/kb/972890
http://www.microsoft.com/technet/security/advisory/972890.mspx
"Microsoft warns of serious computer security hole
By JORDAN ROBERTSON – 1 day ago
SAN JOSE, Calif. (AP) — Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.
The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.
It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.
Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.
The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into."
K... ladies and gents, what this means is:
If you're using IE6 or IE7 on your XP or Windows Server 2003 (of course you shouldn't be surfing on a server...) or older computer, and by extension this will affect Outlook and Outlook Express, you ARE vulnerable. Microsoft does not have a current fix for this vulnerability. Windows Updates will NOT save your hide at this point.
They have a workaround only. Please, as always, be careful what you click on in email.
Make sure that you know who sent you the link to a video, or what have you, and that you know where it is that you're being led to.
Hint: In email, and on the web, you may see a link that reads that it's going to www.youtube.com/someawesomevideohere, but before you click on it, hover over it without clicking and look at the bottom left-hand part of the screen. It should show you the same link.
More often than not, the link at the bottom of the screen, if the email is malicious, will say something like: www.I'mabadperson.com/Iwillmessyourcomputerup.asp
(Of course the links provided here are fictitious to the best of my knowledge; please don't try to use them.)
As far as I'm aware at this moment: Firefox, Opera, Google Chrome, et al. are not affected. Nor is Thunderbird as an email program.
As many of you are aware, I'm not a Microsoft supporter, so take the following with a grain of salt:
Please consider switching to a safer web browser and email client.
In theory, IE8 is not vulnerable to this attack, but it is not being highly recommended on the internet. It is, for all intents and purposes, still beta software, meaning that Microsoft, in their typical manner of software development, has asked you, the user, to do their bug testing.
Don't get me wrong. Vulnerabilities are found in Firefox and Opera as well, and in the Linux operating system that I try to use on most of my machines, but they are patched on average faster, and more thoroughly, than Microsoft patches their software.
Microsoft released the warning because they were forced to. They were aware of this vulnerability for some time, and were unable to fix it quickly. Once this issue became exploitable (i.e. someone managed to write a program to exploit it) and was released to the Internet, they -had- to say something. It's bad for business to stick your head in the sand and leave it there once people can prove that you knew, and that you chose not to say anything.