Wednesday, September 23, 2009

New Web-based attacks target Windows Media holes

Browsing without new patch could be hazardous

Three separate browser vulnerabilities make you susceptible to drive-by exploits from otherwise-trustworthy Web sites. These threats affect you even if you never use Windows Media Player or Internet Explorer, so you should definitely apply this week's Windows patches. This month's security patches for Windows are a reminder that even the sites we trust can be sources of malware infections.

Microsoft security bulletin MS09-047 (973812) patches a hole that allows infected, downloaded media files to gain complete control of your system.More and more sites — even popular ones such as Facebook — have unknowingly hosted malicious banner ads, which is one way these media files can infect you.

Microsoft's Security Research & Defense blog predicts that this vulnerability will likely be targeted by such exploits within the next 30 days.Vista and Windows 7 have some protection against these attacks, but you should download and install MS09-047 immediately to stymie them completely, especially if you use XP.If, for some reason, you can't install this patch, remember that even sites you think of as trustworthy might serve a malicious banner ad from a third-party ad host.

The safest course of action is for you to apply this patch and use a browser other than IE, such as Firefox, Chrome, or Opera.

No comments: