Ramblings of an old Doc
UPDATE
Published on December 23, 2010 By DrJBHL In Personal Computing

 

I wasn't planning on posting today, but when I read this, I felt I should whip something up quickly.

Security researchers have released attack code that exploits an unpatched bug in Microsoft's Internet Explorer (IE) and sidesteps defenses baked into Windows 7.

Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users to visit a rigged Web site. The site can then hijack personal data and install malicious code and/or malware. This will bypass all security software and Windows 7 protection. Network Administrators and IT Professionals can download EMET 2.0 from MS, who claim it can be configured to protect servers.

MS Security Advisory (2488013) HERE.

Although the company said it would patch the problem, it is not planning to rush out an emergency update.

The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.

Microsoft's usual practice is to release an emergency fix only if attacks appear and then grow in strength. Microsoft has never revealed how it sets the point at which a rush patch is triggered.

The vulnerability in IE6, IE7 and IE8 surfaced several weeks ago when French security firm Vupen disclosed a flaw in IE's HTML engine.

The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine; however, the vulnerability was noted and explained earlier in a Chinese trade publication.

Doc suggests using Firefox, Opera, or any non-IE-based browser until this vulnerability is patched.

 

 


Comments (Page 2)
on Dec 23, 2010

I've been using it since it first came out...never disappointed yet!

Lifehacker's Browser Test Results: HERE

on Dec 23, 2010

Thanks for the link, doc.

on Dec 23, 2010

DrJBHL
Lightof Abraxis, it's called that "zero-day" -- because the flaw becomes public before a patch is ready to stop its exploitation.

especially now that it's the buggiest and slowest of the browsers.

The problem is that 'vulnerability' could be anything from 'can look at the files in one directory' to 'can smite your box.'  MS will usually fix vulnerabilities even when there isn't even a verifiable threat due to other safeguards.

I haven't used IE8 in ages but I've been back on the IE9 beta for a while and loving it.  Can't wait for the RC.

on Dec 24, 2010

Let me eat my words, NotScript for Opera

Looks like I will be using Opera from now on

on Dec 24, 2010

yeah - started using noscript a few days ago.  Not sure if this is as bad as it sounds in the OP from reading the security bulletin, but doesn't matter much to me as I'm using firefox.

on Dec 24, 2010


Quoting DrJBHL, reply 3:
Lightof Abraxis, it's called that "zero-day" -- because the flaw becomes public before a patch is ready to stop its exploitation.
especially now that it's the buggiest and slowest of the browsers.


The problem is that 'vulnerability' could be anything from 'can look at the files in one directory' to 'can smite your box.'  MS will usually fix vulnerabilities even when there isn't even a verifiable threat due to other safeguards.

I haven't used IE8 in ages but I've been back on the IE9 beta for a while and loving it.  Can't wait for the RC.

 

From my OP:

Although the company said it would patch the problem, it is not planning to rush out an emergency update.

The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.

Microsoft's usual practice is to release an emergency fix only if attacks appear and then grow in strength. Microsoft has never revealed how it sets the point at which a rush patch is triggered.

on Dec 24, 2010

OMG_pacov
yeah - started using noscript a few days ago.  Not sure if this is as bad as it sounds in the OP from reading the security bulletin, but doesn't matter much to me as I'm using firefox.

oh and don't get me wrong, please.  I'm really glad you took the time to post this.  TY!

on Dec 24, 2010

Hmm, just loaded up Opera and I've got to admit, it's pretty perky.  In terms of browsing it kind of feels like I've upgraded my processor a few clicks.  "I think this could be the start of a beautiful relationship" 

My Rust-Bucket and I thank you Doc.

on Dec 24, 2010

You're welcome, DaveRI.

Another thought for safe browsing is installing and browsing through Microsoft's Virtual Machine 2007 (TY CarGuy1).

on Dec 24, 2010

Just went and downloaded Opera. One thing is different, opening a new tab and seeing a bunch of thumbnails with each one linked to a website. Cool. Now all I gotta do is open click and I'm off. Not going for the boost thingy yet. This is pretty fast as it is. Another thing I'm liking, more real estate to work with. Not so much in the way of thick tool bars.

on Dec 24, 2010

That's the speed dial, Uvah. You can get a speed dial for FF here

 

on Dec 24, 2010

This is true but you don't have to configure it in Opera, it's already there when you open a new tab. I am gonna check it out though. I'm only test driving Opera right now. So far I'm liking it but I'm not giving up Firefox any time soon.

on Dec 24, 2010

Just went and downloaded Opera. One thing is different, opening a new tab and seeing a bunch of thumbnails with each one linked to a website. Cool. Now all I gotta do is open click and I'm off. Not going for the boost thingy yet. This is pretty fast as it is. Another thing I'm liking, more real estate to work with. Not so much in the way of thick tool bars.

As taz said, it's  'speed dial'  and you can edit each thumb to whichever website you'd like.

on Dec 24, 2010

Okay Doc. Let me ask you somethin'. What happens if I have both Opera and firefox open at the same time. Will the fox become a diva or will Opera start lookin' for the henhouse? Sorry ... couldn't resist.

on Dec 24, 2010

I agree Navagatsio, especially now that it's the buggiest and slowest of the browsers.

I've heard that it may be slower than other browsers at the moment but buggy I don't agree with.
