The security advisory for Microsoft Agent, MS07-051, is the only critical release out of four security advisories the company put out on Sept. 11. It addresses a vulnerability whereby Clippy can get hoodwinked by a malicious URL and can then be used to take over a targeted system without ever appearing to the user.
Clippy—officially known as Clippit—met its
Given that this vulnerability is rated critical and can lead to system takeover, some rank it at the top of the priority list for patching if users are running Windows 2000. "This one is critical, and it's like a browser fix: You surf to an evil Web site and you'll get hacked," said Eric Schultze, chief security architect at Shavlik Technologies.
Symantec's Security Response is considering the Agent flaw to be a high-priority fix given that it's in Microsoft Agent's ActiveX, which runs on a "significant number of systems," the company said in a release. Beyond its ubiquity, the vulnerability is yet another hallmark of a big bump in the number of ActiveX vulnerabilitiesARTICLE DATE: 09.12.07
Copyright (c) 2007 Ziff Davis Media Inc. All Rights Reserved.
http://www.pcmag.com/print_article2/0,1217,a=215006,00.asp
留言列表