Register a free account

ne nw
Crawlability Inc. Files for SEO Technology Patent
se sw

Go Back   Forum Index > Internet > Security Alerts and vulnerabilities
Reload this Page Microsoft Confirms Critical Visual Studio Zero-Day
The Software Store
Register Members List Social Groups Calendar Search Today's Posts Mark Forums Read FAQ

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 11-01-2006, 09:59 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,615
Send a message via MSN to Mobo
alert Microsoft Confirms Critical Visual Studio Zero-Day
An "extremely critical" vulnerability in Microsoft Visual Studio 2005 could put users at risk of remote code execution attacks, the company confirmed Nov. 1.

The Redmond, Wash., software maker issued a security advisory with pre-patch workarounds and warned that the flaw is already being used in zero-day attacks.

"We are aware of proof of concept code published publicly and of the possibility of limited attacks that are attempting to use the reported vulnerability," Microsoft said in the advisory.

Visual Studio 2005, formerly known as "Whidbey," is an integrated development environment that offers a suite of tools to help programmers build software, Web sites, Web applications and Web services. It is the latest version of Microsoft's developer tools and includes Visual Basic, Visual C++, Visual C# and visual J#.

According to Microsoft, the vulnerability is caused due to an unspecified error in the WMI Object Broker ActiveX Control (WmiScriptUtils.dll), which is used by the WMI Wizard in Visual Studio to instantiate other controls.

The company said an attacker could use the flaw to "take complete control of the affected system." In a Web-based attack scenario, Microsoft said a hacker could host a malicious Web site and use social engineering tactics to lure visitors. "It could also be possible to display malicious Web content by using banner advertisements or by using other methods to deliver Web content to affected systems," the company said in its advisory.

Workarounds

Microsoft has recommended various workarounds to help mitigate the risks. They include disabling attempts to instantiate the ActiveX control in Internet Explorer by setting the kill bit for the control in the registry.

The company also recommends that Visual Studio 2005 users configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.

Instructions on applying the workarounds can be found in the [Only Registered and Activated Users Can See Links. Click Here To Register...].
__________________
[Only Registered and Activated Users Can See Links. Click Here To Register...] [Only Registered and Activated Users Can See Links. Click Here To Register...]

Reply With Quote
Sponsored Links

Reply

Bookmarks

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 12:49 AM.

Contact Us - CyberAnswers - Archive - Privacy Statement - Top

234x60
Bulletin Board Custom Version by Mobo
Copyright © 2004-2007 Cyberanswers.org All rights reserved