Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
2 Men Arrested After Teen Was Run Over For His iPad
New threat targets DirectShow component via Internet Explorer
The drive-by exploit targets msvidctl.dll, a DirectShow component, and is popping up on numerous recently-compromised websites. Sophos' Graham Cluely speculates that the attack may have been timed to catch people off guard on the Fourth of July weekend.
Until a fix has been released by Microsoft your best bet is to use an alternative web browser. If you want to stick with IE, the Internet Storm Center has posted a workaround. Run regedit, and update the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftInternet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}If the value does not exist in your registry, you can create it as a new DWORD value.
and set its value to: 00000400
Comments
13
Subscribe to commentsPaul b. ChapelJul 6th 2009 2:18PM
What a joke intercrap explorer is.
If you're serious about computing, get a real browser: Safari. The Most Advanced Browser in the World.
skerns1Jul 6th 2009 2:52PM
You misspelled Opera
Lee MathewsJul 6th 2009 2:52PM
I see what you did there.
Edward_KJul 6th 2009 2:38PM
This looks like a problem for explorer 7. People have to update to version 8 of explorer.
biloxiblueJul 6th 2009 3:19PM
My version 8 has issues too. I looked up some stats on http://picktorrent.com and lots of other people are having similar issues. You just can't seem to win.
last_man1Jul 6th 2009 5:20PM
That exploit is only viable on XP and Lesser Os of Windows per Computer World. It affects Direct X but only with XP and older Windows Os (Is it Viable) not Vista or Windows 7 so please stop beating up on Internet Explorer and telling folks to use another browser if Microsoft deemed it truly dangerous they would be throwing an "out of cycle patch", which hasn't shown up yet. stop beating the "drums of fear". Scaring folks into using Firefox which has needed more patches per cycle then Internet Explorer.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9135210
Lee MathewsJul 6th 2009 5:21PM
1) How did I try to "frighten people into using Firefox?" I suggested _temporarily_ using one of four other browsers.
2) Only affects XP? Oh, well, I guess we can ignore this then. It's not like several million people are still using XP or anything
Johnny KJul 7th 2009 9:31AM
@Lee: Right, But you could have at least mentioned that it was XP-only, instead of reporting that it was for all IE, all Windows.
alahmnatJul 6th 2009 6:56PM
In other news, water is still wet, according to a variety of trustworthy sources.
IE's market share can't collapse fast enough. Ugh.
gojedaJul 6th 2009 10:07PM
Hmmm....Secunia says:
FF 3.0.x
15 Secunia advisories
81 Vulnerabilities
IE 7
36 Secunia advisories
84 Vulnerabilities
Yet - I do not think I've seen the author utter nary a bad word about Firefox, much less in the ratios shown above
Seriously, why don't you and Linder just be a man about it and put a disclaimer at the bottom of your article that says IE sucks, download Firefox.
The farce of impartial reportage is getting a bit long in the tooth.
Lee MathewsJul 6th 2009 10:49PM
I don't think anyone here claims impartiality. This is a blog, after all.
As far as reportage, threats in the wild that target IE affect a lot more users, so they usually get written about. I don't have time to do the digging right now, but if you can find a report from Sophos, Trend, etc. about an FF exploit that is active on more than 1,000 website, please post it because I'd love to share it.
Secunia on my system: FF3.5: 3 critical attacks (2 because of Java and 1 from WinAmp) IE8: 7 critical (2 java, 1 flash, 1 winamp, and 3 in IE itself).
It didn't report on Chromium, unfortunately, which is where I actually do most of my browsing.
Can I be a man and post "keep your browser updated?" Because I honestly don't care which browser anyone uses, that's their choice - but I do hope they keep it updated, whatever it is.
gojedaJul 7th 2009 11:48AM
http://secunia.com/secunia_research/2009-19/
I guess you "missed" that one Lee.
Anyway, your article went out of its way to mention IE declining market share and it's vulnerabilities affect many more people. Both observations are true, however as FF's popularity rises, can we expect to see more stories from you about that browser's vulnerabilities?
Somehow I doubt it. I havent seen it so far. Did not see it with FF 3.0.x. This is particularly suspicious given the number of FF extensions out there with vulnerabilities of their own.
Lastly about reportage. If a reporter doesn't claim at least some impartiality, then the reporting kind of stops and now you are treading in the domain of commentary. "The informative bully pulpit" is an oxymoron in the minds of many.
That being said, thank you for posting the article about this vulvnerability. It just would be nice if the same type of article appeared when the same issues have plagued favored browsers in the past.
last_man1Jul 7th 2009 1:30PM
No software is flawless as it's a product of human effort.
Visit http://www.mozilla.org/security/known-vulnerabilities/ for flaws that afflict Firefox.Visit also http://www.eweek.com/c/a/Security/Security-Report-Ignites-Firefox-vs-Internet-Explorer-Feud/ for a report on which browser has a monopoly on vulnerabilities.