Symantec today reported a new and exceptionally dangerous kind of attack that uses the Microsoft Help and Support Center Viewer. With this attack, hackers gain immediate access to the victim's computer, rather than having to figure out a way to get the attack code to load (access to a start-up file, a reboot, social engineering).
An attacker tricks a victim into visiting a Web page that loads a malware binary via an arbitrary file overwrite. The page also overwrites a help system file, which is able to execute scripts. The attacker uses this to execute the malicious binary file. Symantec says:
"It's worth noting at this point that in order for this attack to be successful the user must be logged in with Administrator privileges. However, since the standard Windows XP setup on stand-alone systems often has Administrator privileges enabled, and most users don't follow best practices to set up a limited user for general use, this attack may be possible on a large number of machines."
The Symantec site has posted a video that shows the attack in action.
In separate news, Microsoft today issued an emergency patch of the highest rating, MS08-067. The first emergency patch since April, this critical update fixes a remote code execution vulnerability in the Windows Server Service. The hole could allow an attacker to execute what Microsoft calls a "wormable exploit" on Windows Server 2000, Windows XP and Windows 2003, but other Windows systems are vulnerable, too.
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.