I'll say it quicklu: you visit a compromised web page and... that's it; you can have your computer "infected" and running any program the attackers want, from keyloggers to spywares, to... you name it.
This attack uses a vulnerability in the Microsoft's ActiveX video and affects Windows XP and Windows Server 2003 (why, oh why should a server OS have this kind of "features"?) but as MS is so sure about its products, it recommends you do the same even if you have Vista and Windows Server 2008.
Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.
To be safe(r) you need to disable ActiveX video in IE - or - may I suggest, use *any* other browser: Firefox, Chrome, Opera, Safari... anything will be better than IE!
I know lots of you never used anything but IE, and it might feel a little awkward at first, but believe me you'll soon be asking yourself: why didn't I changed browsers a lot sooner?
Now, let's hope MS doesn't try leveling the playing fields by introducing potential vulnerable plugins in the other browsers (without consent from its users!) instead of fixing their own problems.
No comments:
Post a Comment