Another critical IE flaw



I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is, be careful what sites you visit, beware of “driveby downloads” using this tactic consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way with other apps using IE to view html objects….)


The best advice at this point seems to be to disable active scripting. If you’re running a fully patched IE 6, you’re vulnerable to this attack. However the most recent “refresh” of the IE 7 beta is not vulnerable (Beta 2 of IE 7 is, but if you’ve got the more recent refresh you should be safe.)

Sans is going to Yellow to raise awareness of the bug and active exploits. There is a nother bug that’s been recently discovered as well, at this point the other bug appears to be more of a nuisance “cause Explorer to crash when visiting a site” bug, however, clever people sometimes find ways to make nuisance bugs slightly more important.

Secunia Advisory is here. Microsoft Incident Response blog here.

A quick google turned up a few guides to disabling active scripting…. one such is here.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
  • MS05-053 Microsoft Windows Image Viewing Vulnerability Two notes on the Windows vulnerability patched day before yesterday. There is a trojan in the wild exploiting it and Symantec's AV definition to detect such an exploit is a bit too paranoid and flags lot's of emf files as having an exploit for the same. The workaround is to......
  • WMF patch is the first patch for Microsoft Vista It seems the WMF patch that was recently released for Windows 2000 and XP (and 2003) has been ported to Microsoft Windows Vista Beta.... This makes it the first security patch for Vista. eweek has an article on the issue. So, if you're beta testing Vista, get it updated ASAP.......
Blog Traffic Exchange Related Websites
  • Fake Windows XP activation trojan goes 2.0 Known as Kardphisher and “in the wild” since April, 2007, last week the malware author of this trojan horse mimicking the Windows XP activation interface while collecting the credit card details the end user has submitted, has made significant changes to visual interface and usability of the trojan, consequently improving......
  • How to Keep Finances Growing No matter how much money you make, for many people, it's never quite enough. In order to get ahead, you'll need to find a way to keep your finances growing. There are many different ways that you can grow your income, both actively and passively, and over time, these small......
  • 4 Tips on How to Get Active Right Now If you're trying to turn your life around and start getting more exercise, that first step you take will be the hardest. It's always hard to make a change and stop taking the easy way out, but you're going to have to stay committed if you want to achieve......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site