Windows XP users have to bite the bullet of yet another unpatched flaw present in Windows XP and Server 2003 with Internet Explorer 7 installed.

Adobe Reader and Acrobat are being used as attack vectors to spread malware to unpatched systems.  Microsoft is being quite clear that third party patches are not going to fix this bug because the vulnerability lies in the ShellExecute function.

ZDnet says the PDF attacks use a combination of Trojan downloaders and rootkits to steal data from an infected computer.

What was once a simply “active” but “limited” exploit is now being massively spammed according to a report from F-Secure.

Microsoft says it is monitoring the situation and a patch is on schedule for a November 13 release (with the normal patch cycle) but if it becomes a real problem, the patch could always be released ahead of schedule.

If it helps at all, it does not appear that Windows Vista is vulnerable to this attack, so maybe it’s time to consider upgrading?

---

Related:

Microsoft is not "okay" with Vista upgrade hack

Google fixes Chinese language software tool, now safe for Windows Vista users

Microsoft ships Office security tools

Dangerous exploit looms in Windows Vista Mail

Animated cursor flaw patch due from Microsoft early

Entry was posted on Saturday, October 27th, 2007 at 9:14 am under Microsoft, Security.  Print This Post

Read more entries by Jonathan Schlaffer.