Update on Internet Explorer Exploit in the wild



If you use Internet Explorer to browse the web, I’d suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft’s infinite wisdom that “Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”…. the reality is that legitimate sites have been hacked and the malicious code has been added. (Over 200 legit sites…)


Good details on this come from The security fix. The available options seem to be 1) disable active scripting (some sites may not work after this unless you add them to trusted sites…) 2) download IE7 beta2 preview (unstable beta browser?) 3) USE ANOTHER BROWSER. I would highly recommend option 3 and/or option 1, in that order…. The most popular rendition of this exploit seems to be dropping software that’s collecting private information.

Hopefully there will be an out of cycle patch for this, but from Microsoft’s official releases, it doesn’t seem they see it as a big problem “an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”

If you’re interested in more details in what’s getting collected… Sans has a page analyzing some of what’s being snatched.

Be cautious….

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft vulnerability whack-a-mole continues..... Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released......
  • 7 Updates coming from Microsoft in July We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It's expected that we'll see an update for the Excel issues......
  • Cleaning up after WMF exploit - BHO removal Browser helper objects (BHO's) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I've used BHOdemon in the past to identify and disable BHO's and a tool like that is the preferred method. However, in my......
Blog Traffic Exchange Related Websites
  • Link Building Plus Web Page Marketing link building is important for any web owner; online businesses cannot endure in the cut-throat digital world of the internet without having back links. Major corporations also hire SEO services to help them with optimizing their website and building links to generate attention in the online community. Although not......
  • Effective Ways to Get Traffic to Affiliate Sites Traffic is one of the most difficult things to get as an affiliate. How do you get it without wasting your money and how do you get traffic that actually converts into sales or leads? One thing is absolutely clear to any affiliate who gets started promoting products: it’s virtually......
  • Should You Use Free Blogging Sites? There are certainly many blogging sites online today. It has become the biggest trend in communications for business and for personal reasons. A blog is a wonderful business tool that allows you to build a presence online as an expert in your field and develop a following of loyal readers.......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site