Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Attacks prompt third parties to fix flaw
Published: 2006-10-02

Attacks targeting the latest flaw in Microsoft's operating system have convinced two groups to release temporary fixes to protect users while the software giant develops its own patch.

The attacks attempt to exploit the Windows Shell vulnerability acknowledged by Microsoft last week, according to the SANS' Internet Storm Center, which raised its alert level to Yellow after the organization's handlers received reports of a significant number of attacks.

Two groups have published software tools to protect against attacks that attempt to exploit the Windows Shell vulnerability. Security professionals who previously formed the Zeroday Emergency Response Team (ZERT) published on Saturday an update for a custom security tool aimed at protecting users temporarily from the attacks. Security firm Determina has also developed a software patch that will protect users against the attacks.

The ISC does not recommend installing the third-party patches, but instead suggests that users keep their antivirus updated, set the "kill bits" for the ActiveX controls that are currently being exploited to by attackers to get access to the flawed Windows Shell, or switch to a different browser, such as Opera's eponymous browser or Mozilla's Firefox.

Microsoft tells users how to set the kill bits in its security advisory for the issue.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus