Alan D
Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 24 2006, 05:19
A few days ago it was discovered that there's a new vulnerability in Windows that can be exploited, and is being exploited, by the bad guys who inhabit the web. This one seems particularly nasty. All you have to do to be caught is to visit an affected website, or it can also be picked up from an email containing HTML. Microsoft are working on a patch, and have promised to have one ready by mid-October, but in the meantime we're all vulnerable.
You can read the Microsoft report at the link below (which also offers advice and a workaround solution if you scroll down and click on 'workarounds'):
http://www.microsoft.com/technet/security/advisory/925568.mspx
Unfortunately, as usual, this is not terribly clear to the average computer user. A much clearer account is available at the excellent Gibson Research website at this link, below:
http://www.grc.com/sn/notes-058.htm
Click on the link and scroll down to where it says 'How to Protect Your System', and read the advice it gives. You can protect your system very very simply by following their description of what to do. I've done it myself, and it seems to work, and I haven't noticed any ill effects. It takes less than a minute to do it. What it does is to deregister the file that is causing the vulnerability, and since hardly any websites require that file to be registered, it will have no significant effect on your use of your computer. (You can register it again in a few weeks' time when Microsoft have issued a patch, and you'll see that the Gibson Research page tells you how to do so.)
You can test the vulnerability of your system by clicking on the link below:
http://webfx.eae.net/dhtml/VMLClock/clockScriptlet.html
If you're vulnerable, you'll see the image of a clock. If you're not vulnerable (e.g. after you've deregistered the file), you see a blank screen.
The best additional advice I've been able to collect is:
1. Make sure Windows is updated fully.
2. Make sure your antivirus and antispyware protection is updated fully.
3. Don't visit sites where you're most likely to encounter this exploit (adult sites, gambling sites, crack sites, file sharing sites).
(I should add that all this information has been gathered from the highly knowledgeable people at the Windows Defender Newsgroup, in whom I have considerable trust.)
[Note: A non-Microsoft patch has been made and is available that supposedly fixes this issue - it's mentioned on the Gibson Research page - but it hasn't been endorsed by Microsoft, and I have no intention of using it myself.]