Microsoft confirms PDF attacks, urges caution

By Tom | October 29, 2007

In the wake of this week’s malware attacks using rigged PDF files, Microsoft has updated its security advisory to stress that the underlying flaw — in the Windows operating system — is still not fixed.

The advisory, first issued on October 10, points to an unpatched code execution hole in Windows XP and Windows Server 2003 (with Windows Internet Explorer 7 installed). While applications like Adobe Reader/Acrobat are currently being used as the vector for attack, Microsoft is making it clear that patches from third-party vendors aren’t a cure-all for this bug.

“[B]ecause the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability - they just close an attack vector,” says Bill Sisk, a member of Redmond’s security response communications team.

» Microsoft confirms PDF attacks, urges caution

Stumble it! Sphere: Related Content

Topics: Technology |

Add to Netvibes Subscribe with Bloglines Small NewsSmall News Feed Subscribe to Small News:Get all the News In Small on your cell phone

« Hulu goes Beta | Home | Gandhi/Quote of the Day »

Small-News Widgets

Download the Small-News.com Yahoo Widget, and NEVER miss a Breaking News


Download
.Mac (Apple Computer, Inc.)

Quote of the Day

April 22, 2008

Men often hate each other because they fear each other; they fear each other because they don’t know each other; they don’t know each other because they can not communicate; they can not communicate because they are separated.Martin Luther King, Jr.



Comments are closed.


Tag: