Windows 0-day exploit found on Web
Windows 0-day exploit found on Web
A previously unknown vulnerability in the Microsoft Windows graphics rendering engine is being exploited by several malicious Web sites to infect visitors’ systems, security experts said on Wednesday.
If you’re still using IE, think about making the switch 
Firefox users on Windows aren’t completely immune, but they at least get a dialog asking if they want to run the external program.
Actually the 0 Day Exploit and the Security Advisory published yesterday are 2 seperate incidents and involve 2 different bugs in their code.
the Zero Day Exploit Microsoft Security Advisory posted on November 21, 2005 - Named as such for the very first time it has ever happened that Microsoft published a fix and a vulnerability was immediately found in their fix (by a U.K. group called “Computer Terrorism”) was in regards to a JavaScript “Window()” function.
The Security Advisory published Dec 28, 2005 (Microsoft Security Advisory 912840) is in regards to another application called the Windows Picture and Fax viewer that affects Windows 2003, Windows XP, Windows 2000, and Windows 98. Notice that NT is not included…think that it might involve Direct X?
However they do have a current workaround: unregister the shimgvw.dll
True that means the program no longer works for now. Or you can take a chance and wait for the patch.
Don’t get me wrong FireFox is great and I’m posting using it now. Just wanted to make sure that you had the updated information.
Enjoy!
Comment by Michael — December 29, 2005 @ 2:11 pm
I’ve been out of the windows world for 6 years now so have little knowledge on any of their OSes after NT4. I’m not sure I’d even be able to unregister a DLL withoug hunting for instructions on google.
I do run XP in a VMWare solely for iTunes, but I never surf the web with it so I won’t bother to fix it until windows update does it for me.
Thanks for the info!
Comment by Anton — December 30, 2005 @ 9:06 am