Exploits aplenty – IE / Excel (Firefox?)



A number of currently unpatched vulnerabilities now have working, publicly known exploits: two for Excel and two for Internet Explorer. Proof-of-concept code has been released for both the Excel and Internet Explorer vulnerabilities. With the code publicly available, it won’t be long before it’s bundled into other malware delivery structures. You might look at alternative browsers, BUT be forewarned that one of these vulnerabilities appears to work on a fully patched install of Mozilla Firefox. (According to SANS, the Secunia code doesn’t, but the Full Disclosure exploit code does affect Firefox.) I’ve seen word of early 1.5.0.5 builds being available – I wonder if that will be modified to fix this issue?


The Excel flaws have been talked about for a while; code is now available, which ratchets up the concern around them. For web browsing, it might be worthwhile to consider browsers other than IE unless IE is absolutely necessary. Yes, Firefox is affected by one of these, but time to patch has typically been shorter for browsers OTHER than IE.

Avoid clicking links or opening attachments in unexpected emails. It’s all a matter of trust.

For IE users – you might protect yourself by running as a limited user or by using one of the various programs that will let IE drop privileges. Sandboxie.com might be one possibility for you.

–UPDATE — 6/30/06 –

It appears that Firefox IS NOT VULNERABLE to the above vulnerabilities. According to SANS, there had been some initial concern that one of these exploits also worked with Firefox. Further investigation has shown that to be false. There’s also a brief comment at a mozillazine.org weblog on the issue (referring to the SANS post).
