Brian Posey, ActiveX security improves with Internet Explorer 8′s security features

Experts are predicting that there’s no end in sight for ActiveX exploits.  It makes sense — because even criminals want to be cost-efficient.  If you’re trying to find vulnerabilities to exploit, you to make sure you can affect the highest number of people — and IE is still #1.

Robert Westerfelt, Confliker, Downadup worm hype? Get the facts

There’s a new variant of the Conficker worm. It’s known as ‘Downadup.’ Microsoft issued a patch for the worm last October but it’s still spreading and mutating.

The worm, which some authorities say has been able to build the largest botnet on record,  works by exploiting a vulnerability in remote procedure calls that allows remote code to be executed once a vulnerable machine receives a specially crafted RPC request.  In plain English, this means that if an end user views a specially crafted Web page using Internet Explorer, his computer will request malicious code to be executed. Like many of its malicious predecessors, this worm denies infected machines Internet access to security vendor websites.

Microsoft added routines to clean up Conficker infections to the January edition of its Malicious Software Removal Tool.  Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. The National Cyber Alert System recommends that to prevent further infections by infected USB devices, users should disable the Windows auto-play feature.

Gregg Keizer, Microsoft warns businesses of impending autoupdate to IE7 ]]> http://itknowledgeexchange.techtarget.com/overheard/overheard-youre-getting-ie7-whether-you-want-it-or-not/feed/ 0