Serious security flaw found in IE

Demon_Skeith

Administrator
Staff member
Administrator
89,184
2007
4,747
Credits
42,977
Full year of Nintendo Online
Steal Penalty
You're Rich Money Bags Award
Profile Music
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.

PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

source

IE fails, and now it's a fact!
 
okay, a .02 percent of sites... for every what 100 thousand sites you will go to, you get 2 viruses? I LOVE THOSE ODDS, how about you?
 
It's crazy to think about. You just gotta watch where you go and have the right set up on your computer.
 
I've been using IE for about four years. It's performance will depend on what sites you're going to and whether or not your PC is vulnerable to these kinds of threats.

And best of all, to have to right kind of Internet firewall for your PC which is how most attacks come in and out.
 
I think if you visit mostly trusted websites like youtube.com, google.com, and websites owned by multi-billion dollar companies then the sites should be safe no matter what browser you use since all those companies have a good security team I bet.

But, if you visit those illegal file sharing, adult, gambling sites you are more likely to get problems.

I been using IE for a few years and got no known viruses.

If you have a decent firewall like Comodo, anti-virus like AVG, Antivir, Avast, keep Windows Update up to date, and be careful online you should be fine.

Plus, Download.com and sourceforge.net have good software that is spyware and virus free, so it is better to download from trusted sites.
 
Simple, follow these rules.

Only download files from trusted area, and even then, make sure you know there could be some danger involved. I dont reccommend using P2P(Peer 2 Peer) downloads as I dont find them safe.

Dont stray out of your comfort zone.

Have a desent anti-virus, I suggest AVG, I just use the free and I havnt had any issues.
 
You guys can download and use McAfee SiteAdvisor browser plugin for IE and Firefox to help you identify and warn you of potential dangerous sites on the Net. Also you can click on the SiteAdvisor button itself to see the reviews of what other web surfers are saying about a particular site in question, that is if you suspect that a website isn't legitimate.
 
Microsoft has finally released an update to plug the vulnerability, be sure to visit Microsoft Update to download and install it.

I've just installed the IE security patch about an hour ago.
 
QUOTE (Spiritwarrior @ December 18, 2008 04:12 am) Microsoft has finally released an update to plug the vulnerability, be sure to visit Microsoft Update to download and install it.

I've just installed the IE security patch about an hour ago.
It's only for IE7 though


Still, I use FF3 so I'm fine.
 
QUOTE (Spiritwarrior @ December 18, 2008 04:12 am) Microsoft has finally released an update to plug the vulnerability, be sure to visit Microsoft Update to download and install it.

I've just installed the IE security patch about an hour ago.
Thanks, I am in the process of updating IE now.

I think everyone who uses Firefox, and alternative Browsers should not be so confident they would be safe since every program have security problems, so it is good practice not to go on untrustwrothy file sharing sites, adult sites, scam and spam sites and shady online gambling sites.

Plus, most hackers and virus makers usually don't tell you that a program is vulnerable since it will defeat the purpose of trying to hack and infect into someones computer.
 
Back
Top