Monday, November 22, 2004

There is another new worm exploit out that affects Microsoft Windows Internet Explorer - and is NOT PATCHED. If you use MSIE, you can be infected simply by visiting a compromised website. And since several major banner ad providers have been compromised, thousands of websites are likely vectors for this worm. Here is just one example:
Bofra exploit hits our ad serving supplier

The Internet Storm website has a lot more information, and a complete write-up is found here.

"Just to refresh everyone on the details. On October 24, a vulnerability was discovered in the IFRAME tags of Internet Explorer 6.0 affecting all Windows platforms except Windows XP SP2. This vulnerability can be exploited by going to a web-site that has malicious code. Currently, some high profile sites with banner ads are linking to servers that have the exploit and malicious code."

"THERE IS NO PATCH FOR THIS VULNERABILITY! Windows XP SP2 has been reported as not vulnerable. If you are running IE 6, you are HIGHLY RECOMMENDED to utilize a different web-browser until a patch is released by Microsoft. Microsoft has confirmed the vulnerability with media organizations, but is yet to release any statement on their website. The next scheduled patch-release day at Microsoft is 24 days away (on December 14)."