Another critical IE flaw



I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is: be careful what sites you visit, beware of “drive-by downloads” using this tactic, and consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way, since other apps use IE to view HTML objects.)


The best advice at this point seems to be to disable active scripting. If you’re running a fully patched IE 6, you’re vulnerable to this attack. However, the most recent “refresh” of the IE 7 beta is not vulnerable. (Beta 2 of IE 7 is, but if you’ve got the more recent refresh you should be safe.)

SANS is going to Yellow to raise awareness of the bug and active exploits. Another bug has been recently discovered as well. At this point the other bug appears to be more of a nuisance (“cause Explorer to crash when visiting a site”) bug; however, clever people sometimes find ways to make nuisance bugs slightly more important.

Secunia Advisory is here. Microsoft Incident Response blog here.

A quick Google search turned up a few guides to disabling active scripting; one such is here.
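For admins who would rather check the setting than click through the Internet Options dialog, here is an added example (not from the original post or the linked guides) that reports the Active Scripting state for each IE security zone and can set it to disabled. It assumes PowerShell on the Windows host and the standard per-zone registry layout, where URL action `1400` controls active scripting; the function names are hypothetical.

```powershell
# Added example. URL action 1400 is "Active scripting" in each IE security zone:
# 0 = enabled, 1 = prompt, 3 = disabled.
$ZoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$StateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$Suffix     = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$UserBase   = "HKCU:\Software\$Suffix"
# Group Policy copies; when present they override the per-user value.
$PolicyBases = @("HKLM:\Software\Policies\$Suffix", "HKCU:\Software\Policies\$Suffix")

function Get-ZoneAction {
    param([string]$Base, [int]$Zone)
    $item = Get-ItemProperty -Path "$Base\$Zone" -Name '1400' -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.'1400' }
    return $null
}

function Get-ActiveScriptingState {
    foreach ($zone in ($ZoneNames.Keys | Sort-Object)) {
        $source = 'User'
        $raw = Get-ZoneAction -Base $UserBase -Zone $zone
        foreach ($base in $PolicyBases) {
            $policy = Get-ZoneAction -Base $base -Zone $zone
            if ($null -ne $policy) { $raw = $policy; $source = 'Policy'; break }
        }
        if ($null -eq $raw) { $state = 'Not set'; $source = '-' }
        elseif ($StateNames.ContainsKey($raw)) { $state = $StateNames[$raw] }
        else { $state = "Unknown ($raw)" }
        [pscustomobject]@{ Zone = $zone; Name = $ZoneNames[$zone]; State = $state; Source = $source }
    }
}

function Disable-ActiveScripting {
    # Defaults to the Internet (3) and Restricted sites (4) zones.
    param([int[]]$Zones = @(3, 4))
    foreach ($zone in $Zones) {
        Set-ItemProperty -Path "$UserBase\$zone" -Name '1400' -Value 3 -Type DWord
    }
}

# Report first; uncomment the next line to apply the mitigation for the current user.
# Disable-ActiveScripting
Get-ActiveScriptingState | Format-Table -AutoSize
```

A zone whose Source column reads `Policy` is controlled by Group Policy, so the per-user change made by `Disable-ActiveScripting` will not take effect there until the policy itself is changed.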
