cancel
Showing results for 
Search instead for 
Did you mean: 

Security Alert Issued for Internet Explorer Zero-Day Flaw

Security Alert Issued for Internet Explorer Zero-Day Flaw

Security Alert Issued for Internet Explorer Zero-Day Flaw

It's not a good day to be using Internet Explorer.  As reported today by the BBC, if you're using the world's most used web browser you're being advised to switch to an alternative until a reported serious security flaw has been patched. Anti-virus software maker Trend Micro has reported that "Microsoft's recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs". This flaw leaves all versions of Internet Explorer potentially open to a ‘drive-by' attack on its vulnerability.  This could allow criminals to take control of computers and steal passwords if viewing a compromised website.  As many as 10,000 websites have been found rigged with a malicious JavaScript. This checks for the IE version installed on the affected system, since this exploit targets not just IE7 but is reported as potentially affecting all versions.  After a successful exploit, it triggers a series of redirections to multiple URLs, and then finally connects to one of several different domains. It's reported that much of this criminal activity is being perpetrated by a Chinese underground who are stealing gaming passwords.  The seriousness of this however is not lost on Microsoft which says it has detected attacks against version seven of the browser.  Microsoft is investigating the problem and preparing an emergency software patch to resolve it. The flaw could be "adopted by more financially motivated criminals" a Trend Micro security researcher is reported as saying.   So, what are the alternatives for a Windows user? For the majority of people Firefox would most likely trip off the tongue, but even this has been reported as having its own vulnerabilities, leading it to only yesterday top the list of the ‘12 most vulnerable apps' over at zdnet. It should perhaps be noted however that this report is seemingly based in Firefox having identified and patched ‘10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed links, documents, JavaScript and third party tools'. And patched is good right? Oddly Internet Explorer doesn't itself make the list, putting the article's objectivity, according to observers, in some doubt. Whatever browser you use then, you're advised to use and keep updated good anti-virus software. And make sure you're installing the latest security patches for the software you use.  When you can catch a 'cold' simply by browsing the 'wrong' website you've got to take precautions.. it's a case of 'stay patched, stay safe'.    For Windows users then the alternatives to IE7 are: Firefox: download Chrome: download Opera: download Safari: download   Update Dec 17th: Microsoft Security Response Centre reports that a patch will be issued later today to address this security flaw.

0 Thanks
4 Comments
1222 Views
4 Comments
Jamie_Hardy
Dabbler
Firefox is safer with the NoScript add-on https://addons.mozilla.org/en-US/firefox/addon/722
derboff
Grafter
Thx I don't know if I would have picked it out with out the RSS feed of this... Opera ftw
derboff
Grafter
Opera ftw thxs for the RSS feed
bobpullen1
Not applicable
There have been patches for IE, Opera & Firefox over the last day or so in response to recently identified security vulnerabilities - http://news.bbc.co.uk/go/rss/-/1/hi/technology/7787445.stm http://www.ghacks.net/2008/12/17/firefox-305-security-update/ http://www.heise-online.co.uk/security/Security-update-for-Opera--/news/112264