ANTICHAT — форум по информационной безопасности, OSINT и технологиям

.Microsoft today issued stopgap instructions for plugging a previously unknown security hole that hackers are currently using to break into Windows computers via the Internet Explorer (IE) Web browser.

The problem, once again, is with a faulty ActiveX control. ActiveX is a Windows technology that works through IE and allows Web sites to add software to the user's computer or interact with components in the Windows operating system. In this case, the insecure component is an ActiveX control called "Snapshot Viewer," which ships with all versions of Microsoft Office 2000, Office 2002, and Office 2003. The flawed ActiveX control also is also shipped with the standalone Snapshot Viewer.

Microsoft warns that merely browsing with IE to a malicious (or hacked) Web site that exploits this vulnerability could be enough to compromise your system. So far, Redmond says it is seeing only "limited, targeted attacks" leveraging the vulnerability.

But, of course, that situation could change at any time. One way to avoid worrying about these attacks is to use an alternative browser, such as Firefox or Opera. For those who wish to continue browsing with IE, Microsoft suggests a couple of workarounds.

One approach involves changing the default security level of IE's Internet Zone to "high," and/or disabling active scripting in the browser. This approach will likely disable Javascript on many Web sites, some of which may load strangely or simply fail to work altogether after this change.

Microsoft also offers a less painful solution that doesn't fix the underlying vulnerability but prevents it from being exploited via IE. While logged in under an administrator account, open up Notepad (Start, Programs, Accessories, Notepad), and then cut and paste the following text:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

It doesn't matter what name you give the file when you save it, as long as the file ends in ".reg" (so for example, you might name it "fix.reg" without the double quotes, of course). Once you've saved the file, double click on it, and click "yes" when asked if you want to add the information to the Windows registry.