IE 0-day Exploit
Internet Explorer 7 has a new 0-day exploit, meaning that it is currently being exploited through malicious websites and there is no patch available. If a user visits a malicious site, there is a possibility that an attacker could run arbitrary code on the system. The exploit appears to use a vulnerability in Internet Explorer’s handling of XML code. This issue has been confirmed for users with IE 7 running Windows XP or Windows 2003. Further details are not available at this time. Gladiator recommends that users run the Firefox browser, if possible, for general web browsing until a patch is released.
Web Based Operating Systems
If you have been reading the news or surfing any IT based websites, you may have heard of “cloud computing,” a new buzz word going around. Cloud computing is a new style of providing IT or business applications and services via the Web or Internet “cloud.” One very popular form of cloud computing is Google Apps. With Google Apps, Google is able to provide many publishing applications, similar to Microsoft’s Desktop Suite (Word, Excel, PowerPoint), over the Web. Users can log in via an Internet browser and access the applications that are actually running on servers hosted by Google.
December Patch Tuesday
Microsoft has released 8 new patches resolving 6 critical and 2 important vulnerabilities found in its various products. The vulnerability for the Visual Basic 6.0 ActiveX Control has publicly available exploit code, so it should be patched as soon as possible. The products with critical severity vulnerabilities include:
- GDI
- Windows Search
- Internet Explorer
- Visual Basic 6.0 Runtime Extended Files (ActiveX Controls)
- Microsoft Office Word
- Microsoft Office Excel
Previous Articles
Gladiator Research and Security
This site is here to provide security related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often so be sure to check back weekly.