Serious security hole in Internet Explorer not fixed yet

19 posts · 2008-12-15 14:34:49 to 2008-12-18 09:20:26

#36300529482 12/15/2008 14:34:49 Serious security hole in Internet Explorer not fixed yet

What else is new...

---

http://tech.yahoo.com/news/ap/20081...plorer_security

Serious security hole in Internet Explorer not fixed yet

SAN FRANCISCO - Users of all current versions of Microsoft Corp.'s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.

The flaw lets criminals commandeer victims' machines merely by tricking them into visiting Web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.

The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be "adopted by more financially motivated criminals for more serious mayhem — that's a big fear right now," Paul Ferguson, a Trend Micro security researcher, said Monday.

"Zero-day" vulnerabilities like this are security holes that haven't been repaired by the software makers. They're a gold mine for criminals because users have few ways to fight off attacks.

The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world's computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.

Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.

Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.

___

On the Net:

Microsoft's advisory:

http://www.microsoft.com/technet/se...ory/961051.mspx

#36300529488 12/15/2008 14:50:51 Re:Serious security hole in Internet Explorer not fixed yet

The reason why I have not touched IE since Firefox came out unless I need to...

#36300529619 12/15/2008 23:49:07 Re:Serious security hole in Internet Explorer not fixed yet

I lol'd.

#36300529630 12/16/2008 00:31:22 Re:Serious security hole in Internet Explorer not fixed yet

hmm, on Vista in protected mode, it's supposed to be okay....

#36300529649 12/16/2008 02:38:43 Re:Serious security hole in Internet Explorer not fixed yet

Possibly try avoiding random sites that want to give you free Xbawks?

*edited by admin*
#36300529667 12/16/2008 05:20:46 Re:Serious security hole in Internet Explorer not fixed yet

You mean I'm not supposed to click sexleg links?

#36300529673 12/16/2008 05:47:13 Re:Serious security hole in Internet Explorer not fixed yet

MS are advising people use competitors' browsers until the flaw is fixed. I wonder how many home and small business users will actually go back to IE?

#36300529692 12/16/2008 07:05:05 Re:Re:Serious security hole in Internet Explorer not fixed yet

nubious81 wrote:

The reason why I have not touched IE since Firefox came out unless I need to...

QFT

Pretty much my case as well.

#36300529698 12/16/2008 07:10:25 Re:Re:Serious security hole in Internet Explorer not fixed yet

We have used Firefox at work for the last couple of years; we went around and removed all IE shortcuts.

#36300529699 12/16/2008 07:10:47 Re:Serious security hole in Internet Explorer not fixed yet

Don't they always send out warnings before the New Year?

#36300529788 12/16/2008 15:24:16 Re:Serious security hole in Internet Explorer not fixed yet

We have Safari, Firefox and MSIE on every machine here. Firefox is good, but it's single threaded and has a horrible bookmark management system. MSIE hangs after too many tabs have been opened and closed and has a security hole or two, but if one tab crashes the rest are fine. Safari can't deal with secure authentication to save itself.

I use:

MSIE for secure authentication logins to Microsoft based systems and web apps.

Firefox for general personal web browsing

Safari as a last resort

The right tool for the right job.

phiAU - The Kings of Never - noblesse oblige
#36300529981 12/17/2008 11:17:10 Re:Re:Serious security hole in Internet Explorer not fixed yet

phi wrote:

We have Safari, Firefox and MSIE on every machine here. Firefox is good, but it's single threaded and has a horrible bookmark management system. MSIE hangs after too many tabs have been opened and closed and has a security hole or two, but if one tab crashes the rest are fine. Safari can't deal with secure authentication to save itself.

I use:

MSIE for secure authentication logins to Microsoft based systems and web apps.

Firefox for general personal web browsing

Safari as a last resort

The right tool for the right job.

Yeah, Firefox I use for PC basically, and Chrome.

On Mac I use Firefox, Safari, Opera; I've been using Opera more though when Firefox gives me problems.

#36300529993 12/17/2008 12:37:08 Re:Re:Serious security hole in Internet Explorer not fixed yet

Cadsuane wrote:

The Hindenburg was supposed to be okay...

AHAHAHAHAH!



#36300530026 12/17/2008 14:36:13 Re:Re:Serious security hole in Internet Explorer not fixed yet

Cadsuane wrote:

The Hindenburg was supposed to be okay...


As was the Titanic...

You just never know if your RP wife is a psychologically insane IC axe murderer. :/
#36300530047 12/17/2008 15:45:24 Re:Serious security hole in Internet Explorer not fixed yet

Press pressure probably prompted push:

---

http://tech.yahoo.com/blogs/null/11...-how-to-get-it/

IE hack patch is out: How to get it

Wed Dec 17, 2008 4:26PM EST

Acting with record speed, Microsoft has issued a patch for the just-announced security flaw that impacts all recent versions of Internet Explorer, from version 5 to the latest betas of IE 8. The next security update had not been due from the company until January 13, making this a very rare occurrence.

Getting the update is easy.

With any version of Windows, just run Windows Update, which you'll find in IE's Tools menu or in the Windows Start menu under "All Programs." Vista users can just type "Windows Update" in the Start menu search box to pull it up, then click "Check for updates" on the left side of the window. Either an Express or Custom run of Windows Update will find the patch.

The patch will appear as a "High-priority update" named "Security Update for Internet Explorer" followed by your version number. It will auto-select, so just click "Install Updates" to continue. A reboot will be required when the small update (only a few MB) is finished. (Grab any other security-oriented updates you see while you're there.)

It's a good idea after installing the patch to make sure your anti-malware software is updated and then to run a full scan on your system, just to make sure nothing sneaked in while you were unpatched. After that, you should be ready to go.

To learn more about what's being patched, check out this Microsoft Knowledge Base entry.

#36300530339 12/18/2008 09:20:26 Re:Re:Serious security hole in Internet Explorer not fixed yet

Cadsuane wrote:

The Hindenburg was supposed to be okay...

*smaK*  LOL