Ramblings of an old Doc
UPDATE
Published on December 23, 2010 By DrJBHL In Personal Computing

 

I wasn't planning on posting today, but when I read this, I felt I should whip something up quickly.

Security researchers have released attack code that exploits an unpatched bug in Microsoft's Internet Explorer (IE) and sidesteps defenses baked into Windows 7.

Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users to visit a rigged Web site. The site can then hijack personal data and install malicious code and/or malware. This will bypass all security software and Windows 7 protestion. Network Administrators and IT Professionals can download EMET 2.0 from MS who claim it can be configured to protect servers.

MS Security Advisory (2488013) HERE.

Although the company said it would patch the problem, it is not planning to rush out an emergency update.

The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.

Microsoft's usual practice is to release an emergency fix only if attacks appear and then grow in strength. Microsoft has never revealed how it sets the point at which a rush patch is triggered.

The vulnerability in IE6, IE7 and IE8 surfaced several weeks ago when French security firm Vupen disclosed a flaw in IE's HTML engine.

The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine, however the vulnerability was noted and explained earlier in a Chinese trade publication.

Doc suggests using Firefox, Opera, or any non iE based browser until this vulnerability is patched.

 

 


Comments (Page 7)
7 PagesFirst 5 6 7 
on Jan 12, 2011

http://www.pcworld.com/article/216506/Microsoft_turns_to_creative_tactic_to_block_IE_attacks.html?tk=rss_news

Have a link...and no, I don't care about this topic enough to quote it.

on Jan 13, 2011

Very informative. Thanks for the link.

on Jan 17, 2011

Hey, DrJBHL -

Opera 11.00 is eating my replies here lately.  Keep getting this error message when I click 'Submit':

The reply that you tried to make got all jumbled on the way to our server. Please wait a moment and try again.

Appears just below the 'Quick Reply' header.  Had to pop over to FF4.0B9 to post this.

You having any such trouble?  Thx.

on Jan 18, 2011

Hey, DrJBHL -

Opera 11.00 is eating my replies here lately.  Keep getting this error message when I click 'Submit':

The reply that you tried to make got all jumbled on the way to our server. Please wait a moment and try again.

Appears just below the 'Quick Reply' header.  Had to pop over to FF4.0B9 to post this.

You having any such trouble?  Thx.

No, Daiwa.... Posted with Opera 11.

on Jan 18, 2011

I experienced the same problem which is why I stopped using it. Too bad though as Opera is a screamer.

7 PagesFirst 5 6 7