Monday, July 13, 2009

Microsoft Announces ANOTHER 0-Day

OK, the last post was an article on a 0-day vulnerability in the DirectShow ActiveX control. I pointed you to a work-around until they will patch the problem. Sounds like they will be patching it tomorrow (Patch Tuesday). On the heels of that announcement, Microsoft says there is another 0-day in their Office products. It works the same. Bad guys will compromise sites that re-direct you to their malicious site. If they can get you there, your PC will be compromised. Really bad stuff.

The Internet Storm Center has a great write up here on this problem and also gives a link for you to "Fix It" which is similar to the work-around for last week. If you use Internet Explorer you will really want to visit the ISC link and click on the "Fix It" link. Another work-around, is to use an alternative browser like FireFox. I recommend it.

Stay safe, and have a fabulous week. Happy Patch Tuesday for all you Microsoft users!

No comments: