Computers face hijack risk, Microsoft warns
Last Updated: Friday, September 29, 2006 | 4:51 PM ET
CBC News
Related
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Microsoft Corp. warned in its second advisory this week that a flaw in its Windows operating system could let an attacker hijack a computer through the Internet Explorer web browser.
The new advisory, issued on Thursday, came only two days after the company rushed out a "critical" security update for Windows to repair a different problem that also left computers vulnerable to attacks through the browser.
"An attacker would have to host a website that contains a web page that is used to exploit this vulnerability," says the latest advisory from the world's largest software maker.
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," including administrative control.
Flaw found in July
The flaw addressed in Microsoft's latest warning was found two months ago, but code exploiting the vulnerability was released on Wednesday, according to security research group French Security Incident Response Team (FrSIRT).
"We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," says Microsoft's advisory.
The software maker said it was investigating reports of the vulnerability that affects Windows 2000, Windows XP and Windows Server 2003, and said it plans to issue a fix in its next scheduled security update on Oct. 10.
The vulnerability is related to a Windows component called WebViewFolderIcon and affects the Windows Shell through the Web View function.
The company suggested several workarounds that can be used to minimize risk until the security update is released.
Share Tools
Top News Headlines
- HMCS Corner Brook collision damage extensive
- The damage done to HMCS Corner Brook when it hit the ocean floor off B.C.'s coast last summer was more extensive than first reported, CBC News has learned by obtaining exclusive pictures of the submarine. more »
- Mandatory gun sentence struck down by Ontario judge
- An Ontario Superior Court judge has struck down a mandatory minimum sentence for a first offence of possessing a loaded firearm. more »
- O Canada! 12 Flag Day stories of patriotism
- Ahead of tomorrow's Flag Day celebrations, our readers shared some of their proudest Canadian moments. Here are some of the best. more »
- UN raises fears of civil war in Syria
- Syrian government forces renewed their assault on the rebellious city of Homs on Tuesday, activists said, as the UN human rights chief raised fears of civil war. more »
- HMCS Corner Brook collision damage extensive
- Whitney Houston's body now at N.J. funeral home
- Online surveillance critics siding with child porn: Toews
- Stanley Cup rioter seen in brick attack on cop
- Mandatory gun sentence struck down by Ontario judge
- Whitney Houston estate value set to soar
- Whitney Houston's body headed home to New Jersey
- Man pleads guilty to murder of stepdaughter, 17
- HIV-positive B.C. man jailed for assault, child porn
