Windows still vulnerable to PDF flaw

An increasing number of people open PDF via their browser by retrieving PDF files over the internet (via a Google search for example).

Now, even accessing PDF documents can prove to be risky.

Microsoft has said that its Windows XP and Windows Server 2003 are still vulnerable to a PDF attack when using Internet Explorer 7 as it could allow remote code execution.

Microsoft stopped short of asking its customers to downgrade to Internet Explorer 6 (an even more perillous platform) or bite the bullet and move to Firefox.

The vulnerability does not affect Windows Vista. Adobe has already patched its Acrobat reader/Acrobat applications, Microsoft was quick to point that these would not prevent an attack.

Microsoft's next Tuesday round of updates is scheduled for the 13th November although this could be brought nearer if needs be.

In a separate post, F-secure wrote that malicious PDFs are being sent through email in a bid to recruit more zombie computers.

Topics