Originally published December 29 2005
Security firms warn of threats affecting Microsoft products
by Mike Adams, the Health Ranger, NaturalNews Editor
The Sophos PLC security firm has reported that a Clunky-B Trojan horse is allowing hackers to install and run malicious software when people visit sites containing the malware. The users most likely to get infected are those who visit pornographic sites.
Two security firms today issued new warnings about two separate threats affecting Microsoft Corp. products.
Sophos PLC reported evidence of new malware planted on Web sites that exploits a previously announced -- and as-yet-unpatched -- Internet Explorer security vulnerability.
The Clunky-B Trojan horse allows hackers to install and run malicious software on users' machines when they visit sites containing the malware, said Graham Cluley, a senior technology consultant at Sophos.
The code is only the latest of several Trojan horses seeking to exploit an Internet Explorer vulnerability that Microsoft first disclosed in May.
That advisory was updated on Tuesday to inform users that it was aware of the proof-of-concept code and is investigating the matter (see "Attackers targeting unpatched IE bug, Microsoft warns").
"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers.
This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," the company said in that advisory.
Until a fix is available from Microsoft, users should consider changing the configuration of Internet Explorer to turn off or prompt before allowing Active Scripting to run, Sophos said in its advisory.
Meanwhile, a separate security advisory came from database security vendor Imperva Inc ., which warned users of a vulnerability it discovered in Microsoft's SQL Sever 2000 database that allows potential attackers to mask their log-in names from the software's audit tools.
Users who take advantage of the flaw could gain access to a vulnerable database and take any action they want without fear of their actions being audited, Imperva CEO Shlomo Kramer said.
Microsoft issued an advisory informing users of the problem on Wednesday in which it tells users how to detect the problem and work around it.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml