Ramblings of an old Doc
UPDATE
Published on December 23, 2010 By DrJBHL In Personal Computing

 

I wasn't planning on posting today, but when I read this, I felt I should whip something up quickly.

Security researchers have released attack code that exploits an unpatched bug in Microsoft's Internet Explorer (IE) and sidesteps defenses baked into Windows 7.

Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users to visit a rigged Web site. The site can then hijack personal data and install malicious code and/or malware. This will bypass all security software and Windows 7 protestion. Network Administrators and IT Professionals can download EMET 2.0 from MS who claim it can be configured to protect servers.

MS Security Advisory (2488013) HERE.

Although the company said it would patch the problem, it is not planning to rush out an emergency update.

The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.

Microsoft's usual practice is to release an emergency fix only if attacks appear and then grow in strength. Microsoft has never revealed how it sets the point at which a rush patch is triggered.

The vulnerability in IE6, IE7 and IE8 surfaced several weeks ago when French security firm Vupen disclosed a flaw in IE's HTML engine.

The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine, however the vulnerability was noted and explained earlier in a Chinese trade publication.

Doc suggests using Firefox, Opera, or any non iE based browser until this vulnerability is patched.

 

 


Comments (Page 3)
7 Pages1 2 3 4 5  Last
on Dec 24, 2010

There are people who use IE?

on Dec 24, 2010

Guess what. i went and got speed dial for Firefox. Did the install, restarted FF and the page said install successful. Even configured it to show speed dial button on the tool bar. Speed dial button is not there. Add-on is not there. Open new tab ... blank page. So much for that.

on Dec 24, 2010

Google Chrome is another good alternative just not as "refined" as FF, Opera and Safari (to me anyway) yet because it's not been in development as long. Still, I know a lot of tech savvy friends who swear by it and use it exclusively as a primary browser. I personally like Safari but I think it may have something to do with my Mac conversion a couple of years back until the skinning bug hit again...

I've been "computing" since MS DOS (punch cards in college) around 1980 and I've seen these browsers (and Windows versions) progress to where they are today. I've followed browsers like FireFox (Gecko at first...a branch off from Netscape in the late 90's) and Opera (always been fast but early versions were butt UGLY and kind of confusing) but MS never did "get it" when it comes to browsers (even when they tried to steal Netscape's ideas in the day). IE just became a part of the Windows OS in XP because in earlier versions of Windows you could completely uninstall it like any other program and it wasn't integrated into the system. Unfortunately now even though you're running another browser, ole IE will still be there lurking in the background whether you like it or not...

on Dec 24, 2010

DrJBHL
From my OP:


Although the company said it would patch the problem, it is not planning to rush out an emergency update.

The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.

Microsoft's usual practice is to release an emergency fix only if attacks appear and then grow in strength. Microsoft has never revealed how it sets the point at which a rush patch is triggered.

Yeah.  I wasn't talking about their patching process at all, so not sure where you're going with that.

on Dec 24, 2010

ole IE will still be there lurking in the background whether you like it or not...

True. Every time I run CCleaner it finds temp files in IE. I don't use it so where they come from is a mystery to me. I'm gonna find a way to disable it ... if that's possible.

on Dec 24, 2010


ole IE will still be there lurking in the background whether you like it or not...


True. Every time I run CCleaner it finds temp files in IE. I don't use it so where they come from is a mystery to me. I'm gonna find a way to disable it ... if that's possible.

You use it if you load Impulse.

on Dec 24, 2010

I'm gonna find a way to disable it ... if that's possible.

I don't think you can....completely. It's integrated into the OS so that it'll be the system default app for certain program's .dlls...

on Dec 24, 2010

Yeah, SpeedDial was a nice added bonus.  Gotta get Opera out on the track & work up a real sweat to be sure, but it looks very promising.

on Dec 24, 2010


Quoting DrJBHL, reply 21From my OP:


Although the company said it would patch the problem, it is not planning to rush out an emergency update.

The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.

Microsoft's usual practice is to release an emergency fix only if attacks appear and then grow in strength. Microsoft has never revealed how it sets the point at which a rush patch is triggered.


Yeah.  I wasn't talking about their patching process at all, so not sure where you're going with that.

I didn't think you'd seen it, and didn't want your computer to be possibly vulnerable until February.

on Dec 24, 2010

Guess what. i went and got speed dial for Firefox. Did the install, restarted FF and the page said install successful. Even configured it to show speed dial button on the tool bar. Speed dial button is not there. Add-on is not there. Open new tab ... blank page. So much for that.

  fine on mine. Start page, new tab, drag and drop, the whole works.

on Dec 24, 2010

Must have been a busted download. I dl'd it again and this time it worked. Now I can play.

on Dec 24, 2010

Why would you use something called Internet Exploder

on Dec 24, 2010

Why would you use something called Internet Exploder

Kablaam! There goes IE. Good thing I got FF.

on Dec 24, 2010

I have FF, Opera, and Google Chrome.

I've used FF since it first came out and have a hard time forcing myself to try anything else.

I like Operas speed. I like Opera Unite. I already had Dave Baxter stream my music collection and I use it to stream my music around the house.

I have WIndows7 on the other PC and have forced myself to run only Google Chrome for everything, including email. I have FF and TB exe sitting in a folder and have been tempted to install 'em but have held off.

I'm really starting to get comfortable with Google Chrome. I have fewer add-ons than I do with FF. The lack of add-ons has been an issue in giving up FF, but after using Opera and Chrome, I realize I have a lot of add-ons in FF that I don't need and are probably slowing it down.

On a side note...occasionally I have downloaded Seamonkey. I think it has great potential but is slow in development. I mess with it and uninstall it after a few weeks and download the next big update. It's not bad, just not as customizable as the three above.

And finally, there is ROckmelt, which I am REALLY liking for Facebook. (I have invites for, btw.)

I stopped using IE years ago. If not for Windows/MIcrosoft updates I would uninstall the damn thing so as not to worry about someone else getting on it.

on Dec 24, 2010
There are lots of things to like about Google apps, including Chrome. And just enough things about Google to make me leary of them.
7 Pages1 2 3 4 5  Last