Monday, July 6, 2009

Critical Security Hole in Windows XP / Server 2003

Microsoft announced today that a nasty, still-unpatched security vulnerability has been discovered that allows a malicious website to take remote control of your machine. It is being actively exploited around the Internet.

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

I easily found a few of these sites by analyzing several spam emails containing links to rogue domains announcing things like eCards, or purporting to have news about recent events (M Jackson or Obama, for example).

If you still use Windows XP or Server 2003 and you use Internet Explorer (any version) then you are vulnerable . . . Vista, Server 2008 and Windows 7 Beta/RC users are not affected. Oddly enough, users of the venerable Windows 2000 with SP4 are also not affected.

There is a workaround for this issue, although using it will disable certain types of motion video in the browser. For end-user friendly workaround instructions (as well as a method to remove the workaround -- which you WILL want to do once this is patched) go to Microsoft's page on the topic at:

Once you get to that page, use the Enable Workaround (*Fix it*) button in the middle of the page and follow the prompts. After you have successfully enabled the workaround, make sure to close and re-open IE -- or reboot -- before you continue surfing the web . . .

For advanced users / IT Admins you can find out more about this issue at: