'Rain of security bugs' in ActiveX
HD security researcher Moore announced that it has discovered more than 100 bugs in the ActiveX Controls integrated in installed Windows XP versions with default parameters.
HD security researcher Moore announced that it has discovered more than 100 bugs in the ActiveX Controls integrated in installed Windows XP versions with default parameters.
Using the fuzzing tool helped independent researcher Moore discover some great security flaws in Active Controls. The fuzzing tool is a very popular tool for security researchers to discover security flaws in operating systems and application software.
Previously, these tools were never known. But since Moore announced the "Month of browser bugs" campaign, everyone knows about this tool.
"The rain of Active X security bugs?"
Moore claims that the above 100 security flaws are discovered in the standard ActiveX components of the operating system. Not only that, he discovered more than 100 other security flaws that exist in ActiveX components that are brought into the system by popular applications such as Microsoft Office.
Moore said most of the security flaws he discovered were simple service rejection errors. However, there are still about a dozen errors that can be exploited remotely on the Internet Explorer browser platform.
ActiveX is a key component used in web pages to increase interactivity and add more features to users. However, this technology allows websites to change users' PC systems, so it is still considered a potential problem.
Tools of criminals?
Online criminals often take advantage of errors in ActiveX to install dangerous code on people's systems. The WebAttacker tool is a very successful tool to attack a user's computer through a Microsoft Data Access Components error - a component of ActiveX. The average success rate of this tool is 12-15%, said Dan Hubbard, vice president of security firm Websense.
" Users often rarely update their browsers ," Hubbard said. " Because of this, the types of attacks are still in effect. And on a new front, users can be attacked with a multi-browser attack tool. Hackers are getting better at the field. areas and their own work ".
Security researcher Moore created his own fuzzing tool to discover security flaws in ActiveX. And he wanted to warn Microsoft before launching this tool.
What does Microsoft say?
To minimize the potential threats of attacks, Microsoft has a plan to disable ActiveX features by default in the Internet Explorer browser version. Besides, Microsoft will also put more information into warnings for users before they decide to install a new ActiveX Control - this feature is called by Microsoft AcitveX Opt-in.
" ActiveX Opt-in eliminates the default ability to allow malicious websites to be able to and operate ActiveX Control as a tool for attacks ," Microsoft said. " If a website has an ActiveX download, the information bar will display all the information and advise the user whether they can decide to download ActiveX ."
Microsoft recommends that users upgrade to IE 7 Beta 3 to increase ActiveX security. The new security environment in IE 7 will help eliminate any security flaws discovered by Moore experts.
Hoang Dung
- Security flaws are revealed only as
- Microsoft patches a lot of Windows errors
- OpenOffice fixes three security bugs
- Mozilla denies security flaws in Firefox 2
- Adobe Reader has a dangerous ActiveX error
- Apple bit 54 software security errors
- 70 software has a security error
- The secret to destroy bed bugs without chemicals
- Sophos discloses bugs in security software
- Acer sold the PC with a security error
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system