Serious flaw in Internet Explorer not fixed yet
SAN FRANCISCO (AP) — Users of all current versions of Microsoft Corp.’s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.
The flaw lets criminals commandeer victims’ machines merely by tricking them into visiting Web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.
The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be “adopted by more financially motivated criminals for more serious mayhem — that’s a big fear right now,” Paul Ferguson, a Trend Micro security researcher, said Monday.
“Zero-day” vulnerabilities like this are security holes that haven’t been repaired by the software makers. They’re a gold mine for criminals because users have few ways to fight off attacks.
The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world’s computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.
Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.
Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.
http://www.microsoft.com/technet/security/advisory/961051.mspx
6 Responses to “Serious flaw in Internet Explorer not fixed yet”
Leave a Reply
RSS 2.0 Feed URL
IE has always been bad. But hackers this days get into computers using vunearbilities in other widely used programs like Adobe Reader in PDF files and such.
If you use a comprehensive anti-virus/spyware etc. and use a good firewall, it doesn’t really matter what ‘holes’ there are in your browser. Nice of you to let us know, though.
That seems to make little difference in this case apparently, check the news dude, otherwise you would Be advised to just insure that your anti virus is up to date and firewall turned on.. this time it’s a pretty big flaw.. they are advising to use a different browser entirely at the moment.
It does make a difference – If you use high quality security appz & properly configure them PLUS know how to use and control internet connections through your firewall then YOU control what your computer receives and sends out.
I used to get about 5 bugs a day with IE7, But I rarely even see one anymore now that I have switched to Firefox.At least IE keeps developers like Add-Aware in a job I guess.
I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.