- The Washington Times - Tuesday, April 11, 2006

All the recent hullabaloo over the ability to run Microsoft Windows on an Apple Mac seems to have missed, by and large, the fact that Windows draws hackers and malicious types as honey draws flies. Witness this bit of news, albeit pitched in a self-serving news release:

Finjan Inc., the global provider of best-of-breed proactive Web security solutions for businesses and organizations, has informed Microsoft of a bypass and cross-zone scripting vulnerability in the Remote Data Service (RDS) object. Hackers could have potentially exploited this vulnerability to gain full control over and remotely execute code on users’ machines using Internet Explorer. This vulnerability applies to fully patched Windows XP SP2 systems, including users of Internet Explorer version 7.0b1.

… RDS is part of the Microsoft Data Access Components (MDAC) library and enables the creation and execution of objects that are not allowed to run by Internet Explorer. By exploiting this vulnerability, a hacker could have bypassed security restrictions imposed on objects and run them in the “Internet Zone.” In addition, the vulnerability could have given a hacker full control over the user’s machine, including access to information and “write” privileges to the local file system. To view a short demo showing how a hacker could have benefited from exploiting this vulnerability, click here.

Finjan provided Microsoft with full technical details, including proof-of-concept, concerning this vulnerability and assisted Microsoft with the fix. According to its code of ethics, Finjan does not publish technical details about vulnerabilities.

Finjan’s Vital Security behavior-based solutions proactively protect its customers against this vulnerability, closing the window of vulnerability. More about this vulnerability can be found in Microsoft’s Security Bulletin of April 11, 2006.

Just a reminder: Wherever you run Windows - or any other operating system - be sure to use security and antivirus software.
