Another critical IE flaw



I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is, be careful what sites you visit, beware of “driveby downloads” using this tactic consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way with other apps using IE to view html objects….)


The best advice at this point seems to be to disable active scripting. If you’re running a fully patched IE 6, you’re vulnerable to this attack. However the most recent “refresh” of the IE 7 beta is not vulnerable (Beta 2 of IE 7 is, but if you’ve got the more recent refresh you should be safe.)

Sans is going to Yellow to raise awareness of the bug and active exploits. There is a nother bug that’s been recently discovered as well, at this point the other bug appears to be more of a nuisance “cause Explorer to crash when visiting a site” bug, however, clever people sometimes find ways to make nuisance bugs slightly more important.

Secunia Advisory is here. Microsoft Incident Response blog here.

A quick google turned up a few guides to disabling active scripting…. one such is here.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF patch is the first patch for Microsoft Vista It seems the WMF patch that was recently released for Windows 2000 and XP (and 2003) has been ported to Microsoft Windows Vista Beta.... This makes it the first security patch for Vista. eweek has an article on the issue. So, if you're beta testing Vista, get it updated ASAP.......
  • Zero Day explorer update again There doesn't seem much new on this front, but... The register is talking about it., US-CERT says the exploit code is publicly available, although Microsoft says they're not aware of any attacks. And Secunia has an advisory (I'm not sure, I may have mentioned the Secunia advisory earlier.) I'm not......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
Blog Traffic Exchange Related Websites
  • Fake Windows XP activation trojan goes 2.0 Known as Kardphisher and “in the wild” since April, 2007, last week the malware author of this trojan horse mimicking the Windows XP activation interface while collecting the credit card details the end user has submitted, has made significant changes to visual interface and usability of the trojan, consequently improving......
  • Windows 7 - First impressions So far so good - I installed the beta on a couple of laptops in the last month, and so far I like what I see.  It's very much Vista centric, but without the sllllloooooowwwwwness.  Boot time is much improved (under a minute) and there are some added features that......
  • Microsoft Plans Emergency Windows Patch for Monday August 2nd Microsoft stated they will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.  The patch is set to be released on Monday at around 10 a.m. California time.  The news of this vulnerability surfaced 2 weeks ago and with an of attackers trying to exploit this......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site