July 14, 2009, 5:54 PM — With several stable and easy to use exploit examples circulating, the current Active-X threat is likely to make its way into mass exploitation, says Brent Huston, CEO and Security Evangelist for Microsolved, Inc. In a Campfire Chat this afternoon, Huston led a discussion on issues around this threat and urged security professionals to start building awareness in their organizations. Following is the full text of the chat.
Brent H.
Welcome all. We will be getting started in just a moment.
Brent H.
In the meantime, if you have not yet read our Risk Assessment document, please feel free to download it from the link on the right of your screen
Brent H.
Hello all, thanks for attending.
Brent H.
We wanted to give folks a chance to discuss the issues with the current Active-X Threat CVE-2009-1136
Brent H.
The threat assessment from MSI has not changed. We still see this as a medium level enterprise threat.
jimklun
Because it requires user interaction?
Brent H.
We have also been able to verify that MS09-032 does NOT contain the kill bits from the advisory for this issue.
Brent H.
Our medium level assessment is due to a variety of factors.
Brent H.
1. That servers should largely remain unaffected.
Brent H.
2. That user intervention is required.
Follow ITworld on Twitter: @IT_world
Google+
