Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Serious flaw in Internet Explorer


  • Please log in to reply

#1
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
http://www.mercuryne...?nclick_check=1

SAN FRANCISCO—Users of all current versions of Microsoft Corp.'s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.

The flaw lets criminals commandeer victims' machines merely by tricking them into visiting Web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.

The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be "adopted by more financially motivated criminals for more serious mayhem—that's a big fear right now," Paul Ferguson, a Trend Micro security researcher, said Monday.

"Zero-day" vulnerabilities like this are security holes that haven't been repaired by the software makers. They're a gold mine for criminals because users have few ways to fight off attacks.

The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world's computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.

Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.

Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.


Microsoft Security Advisory, regarding the above issue: http://www.microsoft...ory/961051.mspx
  • 0

Advertisements


#2
jt1990

jt1990

    Member 1K

  • Member
  • PipPipPipPip
  • 1,519 posts
Heh heh...Firefox
  • 0

#3
Broni

Broni

    Kraków my love :)

  • Topic Starter
  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Always :)
  • 0

#4
jt1990

jt1990

    Member 1K

  • Member
  • PipPipPipPip
  • 1,519 posts
Drat, I was going to post this on my blog, but my web server is down today...:)
  • 0

#5
Broni

Broni

    Kraków my love :)

  • Topic Starter
  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
There is an update...
http://www.internetn...ro Day Flaw.htm

December 16, 2008

Microsoft is set to release an out of cycle patch for the zero day IE flaw that has left users at risk since Thursday December 11th when the flaw was first reported.

The patch is expected tomorrow and for many users, won't come too soon.

Not long ago, M$ said, no more patches before 2009...LOL
  • 0

#6
Bumblefoot

Bumblefoot

    Member

  • Member
  • PipPip
  • 11 posts
It figures, part way through a response to this topic IE errored me out. YES! Firefox without a doubt. Ok, In the past 2 weeks had to replace C: drive due to errors galore, sounded funny (in the spinup phase), too many bad sectors after disk check, frighteningly disturbed registry, to name a few... problems. #1, the original MS Win XP Pro disk which I bought when I built this desktop, had gone missing over the past few years and 8 or 9 moves to new addresses. I always thought it was in amonst the milk crate of SW to keep, but after looking though, and not finding it, rather than purchase a new XP Pro (not in my SSDI budget) I did find a different XP pro install disk, given to me by a friend after she migrated to Vista, a move she reminds me often she regrets. #2, knowing the SN had already been stored in the MS database of "been there, registered that" disks, I knew windows update would not have helped, as it's feelings were hurt after being called it an unauthorized version. #3 So thinking the MS Security updates would work, went there, only to find to do what I wanted, to install all the security updates since original install on her old system, now on mine, it wanted SP3, which after reading several tech reviews, and seeing a friend tearing his hair out with the problems he never asked for with SP3, I knew there had to be a another way...

So after installing all I could from backups on disks, and the 80 GB D: drive, I thought Trend Micro House Call might help. Ran it through it's cycle, about 2-3 hours later, it listed a huge amount of security issues, and with a click on each problem, it went to the required MS Security update, and a quick read if it was required for the environment of my system, I'd say about 18 hours later I had all I thought it needed. There has been no change in the speed or anything yet noticed so far, but I feel more secure knowing I had worked finding the security updates needed without passing the authentication process, or being pushed into SP3 before I'm confident it's got the bugs out.

There are most likely better, or more efficient, time saving ways to do this, and if so, feel free to let me know how much easier it would have been if I had asked the Pros here. -Thanks!-
  • 0

#7
dsenette

dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP

There are most likely better, or more efficient, time saving ways to do this, and if so, feel free to let me know how much easier it would have been if I had asked the Pros here. -Thanks!-

when you first set up a system...get windows installed and all the programs you know you need...drivers etc....then make an image of the computer using some form of ghosting or imaging software (like norton ghost or drive image XML).....then any time you need to format/reinstall....just restore the image and you're back in business...usually within an hour
  • 0

#8
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Ill change the topic title, since the patch for this has now been released.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP