Update on Internet Explorer Exploit in the wild
If you use Internet Explorer to browse the web, I’d suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft’s infinite wisdom that “Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”…. the reality is that legitimate sites have been hacked and the malicious code has been added. (Over 200 legit sites…)
Good details on this come from The security fix. The available options seem to be 1) disable active scripting (some sites may not work after this unless you add them to trusted sites…) 2) download IE7 beta2 preview (unstable beta browser?) 3) USE ANOTHER BROWSER. I would highly recommend option 3 and/or option 1, in that order…. The most popular rendition of this exploit seems to be dropping software that’s collecting private information.
Hopefully there will be an out of cycle patch for this, but from Microsoft’s official releases, it doesn’t seem they see it as a big problem “an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”
If you’re interested in more details in what’s getting collected… Sans has a page analyzing some of what’s being snatched.
Be cautious….
Popularity: 1% [?]
Related Posts - Cleaning up after WMF exploit - BHO removal Browser helper objects (BHO's) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I've used BHOdemon in the past to identify and disable BHO's and a tool like that is the preferred method. However, in my......
- Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
- How Microsoft could patch VML vulnerability before October's patch day SO, there's the second big vulnerability exploit for Internet Explorer making the rounds in about a week and Microsoft's advisory says that the most recent flaw will likely be patched on October's patch day ("unless the need arises...") So, what would trigger that need? Lot's of browsers being subjected to......
Related Websites - Understanding The Various Layers Of Web Development To realise web development fully, you first must understand what goes in to this process layer by layer. Here's what you have to know about it. One of the most important layers of web development is content. This is the main thing that pulls people to your site and this......
- Should You Use Free Blogging Sites? There are certainly many blogging sites online today. It has become the biggest trend in communications for business and for personal reasons. A blog is a wonderful business tool that allows you to build a presence online as an expert in your field and develop a following of loyal readers.......
- Reciprocal Link Building - Double The Web Traffic To Your Site Reciprocal Link Building - Double The Web Traffic To Your Site Reciprocal reciprocal link building is one of the best ways to attract a substantial amount of web traffic to your site. In this process, you have to exchange link with another high traffic website. You start the process by......
Similar Posts
- Another critical IE flaw
- IE exploit unofficial patches
- Exploit for Unpatched Internet Explorer vulnerability
- Another IE security flaw this one could lead to data theft
- Workaround for the critical WMF zero-day exploit