Friday, October 1, 2010

XP Users should stop using IE **ASAP**

If you are still running Windows XP, it's really time to stop using Internet Explorer (except for Windows Update) and switch to Firefox or Google Chrome. There is an active zero-day, acknowledged by Microsoft in a Security Advisory, that affects all XP+IE users without warning when they click a malicious link. People whose firewall blocks Windows file sharing at the network perimeter are less vulnerable to this attack. Home users who want to continue using IE and who have some technical expertise should consider using the Microsoft FixIt linked from the Security Advisory. However, using the FixIt requires installing a separate patch first, and business users should be aware that the FixIt may adversely affect applications running on their work networks.

IE, Windows XP Users Vulnerable To DLL Hijacking -- InformationWeek
Clicking a link to a remote shared folder on a web page will open this share in Windows Explorer without a warning for 67% of all Internet Explorer users on Windows XP, according to Acros Security.

Internet Explorer and Windows XP users are at high risk from attacks that use DLL hijacking -- aka binary planting -- techniques to remotely exploit PCs, according to studies conducted by Slovenian security company Acros Security. Furthermore, many such attacks, which have already been seen in the wild, will succeed without users even being aware of what's happening.

As part of those tests, it found that clicking on a remote shared folder link when using IE and Windows XP -- which about 67% of all Windows users are still on -- would open the remote shared folder without warning, enabling the attack. The same was true for clicking on any remote shared folder link that arrived via email to an Outlook, Windows Mail and Windows Live Mail client.

Interestingly, however, unlike IE, "We found no way to launch Windows Explorer via a hyperlink from Firefox, Chrome or Opera, while Safari does open a remote shared folder when the web page containing the link comes from a local drive" -- for example, if attackers email an HTML file, said Kolsek.
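
A defender-side check for the vector described above, as an added example (not code from this post, InformationWeek or Acros Security): it scans HTML, such as a web page or an HTML email body, for links whose target is a remote shared folder. The function names and the sample hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

URL_ATTRS = {"href", "src", "action", "data"}  # attributes that carry a target

def remote_share_host(target):
    """Return the server name if target is a remote shared folder, else None."""
    t = unquote(target.strip())
    if t.startswith("\\\\"):                 # UNC form: \\server\share
        rest, slashes = t.lstrip("\\"), 4
    elif t.lower().startswith("file:"):
        body = t[5:].replace("\\", "/")
        rest = body.lstrip("/")
        slashes = len(body) - len(rest)
    else:
        return None                          # http(s), //cdn/..., relative links
    if slashes < 2 or slashes == 3:
        return None                          # file:///C:/... is a local path
    host = re.split(r"[/\\]", rest, maxsplit=1)[0].lower()
    if not host or host == "localhost" or re.fullmatch(r"[a-z][:|]", host):
        return None                          # no server part, or a drive letter
    return host

class ShareLinkFinder(HTMLParser):
    """Collects (tag, attribute, server) for every remote-share target seen."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                host = remote_share_host(value)
                if host:
                    self.hits.append((tag, name, host))

def find_share_links(html):
    finder = ShareLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample input: three remote-share targets and three benign ones.
SAMPLE = r'''
<a href="\\files.example.test\docs">Docs</a>
<a href="file://share.example.test/public/">Public</a>
<img src="file://///10.0.0.5/pics/a.png">
<a href="file:///C:/Users/me/readme.html">local file</a>
<script src="//cdn.example.test/app.js"></script>
<a href="https://example.test/">web</a>
'''

if __name__ == "__main__":
    for hit in find_share_links(SAMPLE):
        print(hit)
```

A mail gateway or web proxy rule built on this would flag or strip such links before they reach a client that opens them without warning.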
