Filed under: Internet, Security, Microsoft, Browsers
New threat targets DirectShow component via Internet Explorer
The drive-by exploit targets msvidctl.dll, a DirectShow component, and is popping up on numerous recently-compromised websites. Sophos' Graham Cluely speculates that the attack may have been timed to catch people off guard on the Fourth of July weekend.
Until a fix has been released by Microsoft your best bet is to use an alternative web browser. If you want to stick with IE, the Internet Storm Center has posted a workaround. Run regedit, and update the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftInternet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}If the value does not exist in your registry, you can create it as a new DWORD value.
and set its value to: 00000400
Get a WordPress.com Blog
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Paul b. Chapel said 2:18PM on 7-06-2009
What a joke intercrap explorer is.
If you're serious about computing, get a real browser: Safari. The Most Advanced Browser in the World.
Reply
skerns1 said 2:52PM on 7-06-2009
You misspelled Opera
Lee Mathews said 2:52PM on 7-06-2009
I see what you did there.
Edward_K said 2:38PM on 7-06-2009
This looks like a problem for explorer 7. People have to update to version 8 of explorer.
Reply
biloxiblue said 3:19PM on 7-06-2009
My version 8 has issues too. I looked up some stats on http://picktorrent.com and lots of other people are having similar issues. You just can't seem to win.
Reply
last_man1 said 5:20PM on 7-06-2009
That exploit is only viable on XP and Lesser Os of Windows per Computer World. It affects Direct X but only with XP and older Windows Os (Is it Viable) not Vista or Windows 7 so please stop beating up on Internet Explorer and telling folks to use another browser if Microsoft deemed it truly dangerous they would be throwing an "out of cycle patch", which hasn't shown up yet. stop beating the "drums of fear". Scaring folks into using Firefox which has needed more patches per cycle then Internet Explorer.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9135210
Reply
Lee Mathews said 5:21PM on 7-06-2009
1) How did I try to "frighten people into using Firefox?" I suggested _temporarily_ using one of four other browsers.
2) Only affects XP? Oh, well, I guess we can ignore this then. It's not like several million people are still using XP or anything
Johnny K said 9:31AM on 7-07-2009
@Lee: Right, But you could have at least mentioned that it was XP-only, instead of reporting that it was for all IE, all Windows.
alahmnat said 6:56PM on 7-06-2009
In other news, water is still wet, according to a variety of trustworthy sources.
IE's market share can't collapse fast enough. Ugh.
Reply
gojeda said 10:07PM on 7-06-2009
Hmmm....Secunia says:
FF 3.0.x
15 Secunia advisories
81 Vulnerabilities
IE 7
36 Secunia advisories
84 Vulnerabilities
Yet - I do not think I've seen the author utter nary a bad word about Firefox, much less in the ratios shown above
Seriously, why don't you and Linder just be a man about it and put a disclaimer at the bottom of your article that says IE sucks, download Firefox.
The farce of impartial reportage is getting a bit long in the tooth.
Reply
Lee Mathews said 10:49PM on 7-06-2009
I don't think anyone here claims impartiality. This is a blog, after all.
As far as reportage, threats in the wild that target IE affect a lot more users, so they usually get written about. I don't have time to do the digging right now, but if you can find a report from Sophos, Trend, etc. about an FF exploit that is active on more than 1,000 website, please post it because I'd love to share it.
Secunia on my system: FF3.5: 3 critical attacks (2 because of Java and 1 from WinAmp) IE8: 7 critical (2 java, 1 flash, 1 winamp, and 3 in IE itself).
It didn't report on Chromium, unfortunately, which is where I actually do most of my browsing.
Can I be a man and post "keep your browser updated?" Because I honestly don't care which browser anyone uses, that's their choice - but I do hope they keep it updated, whatever it is.
gojeda said 11:48AM on 7-07-2009
http://secunia.com/secunia_research/2009-19/
I guess you "missed" that one Lee.
Anyway, your article went out of its way to mention IE declining market share and it's vulnerabilities affect many more people. Both observations are true, however as FF's popularity rises, can we expect to see more stories from you about that browser's vulnerabilities?
Somehow I doubt it. I havent seen it so far. Did not see it with FF 3.0.x. This is particularly suspicious given the number of FF extensions out there with vulnerabilities of their own.
Lastly about reportage. If a reporter doesn't claim at least some impartiality, then the reporting kind of stops and now you are treading in the domain of commentary. "The informative bully pulpit" is an oxymoron in the minds of many.
That being said, thank you for posting the article about this vulvnerability. It just would be nice if the same type of article appeared when the same issues have plagued favored browsers in the past.
Reply
last_man1 said 1:30PM on 7-07-2009
No software is flawless as it's a product of human effort.
Visit http://www.mozilla.org/security/known-vulnerabilities/ for flaws that afflict Firefox.Visit also http://www.eweek.com/c/a/Security/Security-Report-Ignites-Firefox-vs-Internet-Explorer-Feud/ for a report on which browser has a monopoly on vulnerabilities.
Reply