


Holey moley! Zero-day attack for older Windows…

… that, by the way, “everybody” still happens to run, including Intel and the Winter Olympics. At least there was no public display of the Blue Screen of Death as happened in the China Olympics. As for Intel (which is still using Internet Explorer 6) – if Google, Adobe, and 32 other Silicon Valley companies were attacked by someone in China, what are the odds?

Today, Microsoft warned of a new hole that could be exploited in cyberattacks to take control of older Windows systems running Internet Explorer. Proof of concept code has been released publicly.

The Microsoft security advisory says that the vulnerability lies in the way that Visual Basic Scripting (VBScript) interacts with Windows Help files, and that it affects Windows 2000-, XP-, and Server 2003-based systems. VBScript is an Active Scripting language that executes functions embedded in Web pages. Microsoft said:

“The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.”

In one attack scenario, a potential victim would be lured to a malicious Web site displaying a specially crafted dialog box that could prompt the user to press the F1 key; pressing it would install malware.

Windows Vista, Windows 7, and Windows Server 2008 are not affected. The issue is mitigated on Windows Server 2003, where IE Enhanced Security Configuration is enabled by default.

Microsoft complained that the vulnerability was not disclosed responsibly. :-) The hole was made public on Friday and proof-of-concept code was released by iSEC Security Research.

OK, I know “… we’re all mad here…,” but what do you call those people who keep doing the same old thing and expect different results? :-)

We should ask “the silent 32.”

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”


©2010 William F. Hackett. All Rights Reserved.
