Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

New Exploit Exposed In Microsoft Windows

March 14, 2011 by  
Filed under Computing

Comments Off on New Exploit Exposed In Microsoft Windows

It is being reported that hackers have been able to exploit holes in Windows and Microsoft new of the issue since January of 2011.

The exploit deals with the Windows protocol handler in Windows for MHTML.  Be advised the exploit can only be done if the user is running Internet Explorer. Apparently, hackers are using cross-site scripting attacks are intercepting and collecting peoples information, spoofing the content that is displayed to the browser, or interfering with the user’s browsing activities.  Read More….

80% Of Browsers Found To Be At Risk Of Attack

February 17, 2011 by  
Filed under Internet

Comments Off on 80% Of Browsers Found To Be At Risk Of Attack

About eight out of every ten internet browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said today.

The poor state of browser patching stunned Wolfgang Kandek, CTO of security risk and compliance management provider Qualys, which presented data from the company’s free BrowserCheck service Wednesday at the RSA Conference in San Francisco.

“I really thought it would be lower,” said Kandek of the nearly 80% of browsers that lacked one or more patches.

BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, including Adobe’s Flash and Reader, Oracle’s Java and Microsoft’s Silverlight and Windows Media Player.

When browsers and their plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component, depending on the month. In January 2011, about 80% of the machines were vulnerable.  Read more….

Microsoft Warns of New Windows MHTML Bug

February 1, 2011 by  
Filed under Internet

Comments Off on Microsoft Warns of New Windows MHTML Bug

In a security alert issued Friday, Microsoft confirmed that a bug in Windows’ MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer (IE) browser.

“The best way to think of this is to call it a variant of a cross-side scripting vulnerability,” said Andrew Storms, Director of Security Operations at nCircle Security. Cross-site scripting bugs, often shortened to XSS, can be used to insert malicious script into a Web page that can then take control of the session.

“An attacker could pretend to be the user, and act if as he was you on that specific site,” said Storms. “If you were at Gmail.com or Hotmail.com, he could send e-mail as you.”

“Such a script might collect user information, for example e-mail, spoof content displayed in the browser or otherwise interfere with the user’s experience,” said Angela Gunn, a Microsoft security spokeswoman, in a post to the Microsoft Security Response Center (MSRC) blog.

The vulnerability went public last week when the Chinese Web site WooYun.org published proof-of-concept code.

MHTML is a Web page protocol that combines resources of several different formats — images, Java applets, Flash animations and the like — into a single file. Only Microsoft’s IE and Opera Software’s Opera support MHTML natively: Google’s Chrome and Apple’s Safari do not, and while Mozilla’s Firefox can, it requires an add-on to read and write MHTML files.

Wolfgang Kandek, the Chief Technology Officer at Qualys, pointed out that IE users are most at risk.  “While the vulnerability is located in a Windows component, Internet Explorer is the only known attacker vector,” said Kandek in an e-mail message. “Firefox and Chrome are not affected in their default configuration, as they do not support MHTML without the installation of specific add-on modules.”

All supported versions of Windows, including Windows XP, Vista and Windows 7, contain the flawed protocol handler, one reason why Storms believes it will take Microsoft time to come up with a patch.

In place of a patch, Microsoft recommended that users lock down the MHTML protocol handler by running a “Fixit” tool it’s made available. The tool automates the process of editing the Windows registry, which if done carelessly could cripple a PC, and lets IE users continue to run MHTML files that include scripting by clicking through a warning.

Courtesy-TheGuruReview

« Previous Page