Microsoft ActiveX vulnerability claimed to be not as big a threat as Conficker
Sam Masiello, vice president of information security at MX Logic, pointed at claims made by Roger Thompson, chief research officer at AVG Technologies on Network World, who said that the vulnerability ‘exposes the whole world, and can be exploited through the firewall'.
Thompson told Network World: “I have no doubt that the really bad guys are bustling to get this [new vulnerability] into their exploit toolkits. For the Conficker people, this could be the next thing. They waited until they had a really good exploit, then combined that with some smart strategies. So I wouldn't be surprised if they picked up on this.”
However Masiello claimed that he ‘very much disagree[d] with that sentiment'. Although he believed that the DirectShow exploit is significant and that the out of band patch that Microsoft released to address it is absolutely the right thing for them to have done, to say that this is comparable to Conficker is ‘blowing the situation out of proportion'.
Masiello said: “Conficker was similar to the Slammer worm from back in 2003 where there was no overt action required on the part of any individual person to get infected. You could get infected simply by being out of date on security patches. The current DirectShow exploit requires a user to visit a malicious website (links to sites hosting the exploit code are currently being sent out in spam emails) to get infected.
“Also, the user must be an admin on their computer to get infected by the DirectShow exploit. Most people do run in this mode, however so that won't be much of a hurdle to clear, but the requirement that a user must visit a website hosting malicious code is a tactic that users are becoming more accustomed to avoiding.”