Microsoft Vista Software | Microsoft Vista Books | Linux Books | Ubuntu Books | Ruby On Rails Books

Tuesday, July 28, 2009

Microsoft rushes to fix IE kill-bit bypass attack

Of course real people use a real browser but for those that don't there is a fix coming today. Here is some detail from computerworld on why Microsoft is patching this

Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to bypass a critical security mechanism in the Internet Explorer browser.

During a Wednesday talk at this week's Black Hat conference in Las Vegas, researchers Mark Dowd, Ryan Smith and David Dewey will show a way of bypassing the 'kill-bit' mechanism used to disable buggy ActiveX controls. A video demonstration posted by Smith shows how the researchers were able to bypass the mechanism, which checks for ActiveX controls that are not allowed to run on Windows. They were able to then exploit a buggy ActiveX control in order to run an unauthorized program on a victim's computer.

More here: