Jump to content

Serious Security Flaw Found In Ie


lynn98109
 Share

Recommended Posts

Users of the world's most common web browser have been advised to switch to a rival until a serious security flaw has been fixed.

 

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

 

Microsoft is investigating the problem and preparing an emergency software patch to resolve it, it says.

<snip>

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

 

Microsoft says it has detected attacks against version seven of the browser - its most widely used edition.

 

But the company warned that other versions were also potentially vulnerable.

 

As many as 10,000 websites have been compromised since last week to take advantage of the security flow, said antivirus software maker Trend Micro.

full article here -

http://news.bbc.co.uk/2/hi/technology/7784908.stm

 

Lynn

Link to comment
Share on other sites

So, the eternal (infernal) game of cat and mouse (louse) continues.

 

I was wary of going to FF until a few years back and prefer it over IE. Hopefully it's more than just luck but I've never had a problem (even with IE) as long as I surfed sensibly (I know, it doesn't always matter but it probably helps) and kept AV software up to date.

 

Interesting that they'd advise a browser switch. MS must be red faced at that one.

Link to comment
Share on other sites

newer info from PCWorld -

http://www.pcworld.com/article/155585/micr...tch_for_ie.html

 

Patch to be issued tomorrow, 17 Dec, 1pm EST (10amPST).

More than 2 million computers are believed to be infected (how do you tell and how do you get it out :huh: ?)

 

And it seems it wasn't Microsoft suggesting an alternate browser :huh:

 

Lynn

Link to comment
Share on other sites

More than 2 million computers are believed to be infected (how do you tell and how do you get it out :huh: ?)

 

--Don't know. Probably the usual slow running and lights flashing on your ethernet box for no apparent reason (if used for spamming)? But I'll bet that many of those computers have absolutely no AV programs installed. I personally know far too many people who still have no AV installed, one of the excuses being it's all a scam to make money. I don't think any computer should be allowed to connect until you have up to date functional AV.

 

And it seems it wasn't Microsoft suggesting an alternate browser :huh:

 

I know....I was just amused that yet another flaw had someone (not MS) suggesting using an alternative and that MS can't be liking the bad press. As if this was the first big deal flaw ever. It sure won't be the last.

 

Lynn

Link to comment
Share on other sites

A couple of points on that - it also exists in IE6 and MS response was 'turn off active scripting' (which will effectively kill a lot of websites that use scripting)

 

Also, they were highly indignant that someone published that without telling them that they were going to do it:

 

"The flaw was made public in Chinese language discussion forums two days ago by a security group called the Knownsec team. In tests, it worked on IE 7 running on Windows XP, Service Pack 2.

 

It has already been used by attackers who have hosted it on hacked Web sites to attack unsuspecting visitors, said Wayne Huang, CEO of security vendor Armorize Technologies. Now that the bug has been publicly disclosed, he expects attacks based on the flaw to become much more widespread."

 

However:

 

"According to Metasploit, an open source security software company, the flaw has been known since 2001. Security firm Symantec traces the public disclosure of the flaw back even further to 2000. Let's do the math here: Microsoft has taken somewhere between seven and eight years to plug a security hole that can be executed with publicly available software and an e-mail."

 

I'll stick with the Russian thought controlled fighter (where IS the ex-mayor of Carmel when you need him? :lol:)

Link to comment
Share on other sites

Security breech---patch, patch, patch. I don't care if it's MS, FF, or any other browser, if the professional hackers want to find a hole they will !!! So my suggestion is to do as vid2man97 suggested---keep a good security program installed on your computer and just hope you don't become a victim. That will help.

 

Frank...

Link to comment
Share on other sites

Security breech---patch, patch, patch. I don't care if it's MS, FF, or any other browser, if the professional hackers want to find a hole they will !!! So my suggestion is to do as vid2man97 suggested---keep a good security program installed on your computer and just hope you don't become a victim. That will help.

 

Frank...

 

Microsoft issued an emergency IE7 update today.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...