Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
New Microsoft Internet Explorer allows flaw
12-12-2008, 08:44 PM,
#1
New Microsoft Internet Explorer allows flaw
New Microsoft Internet Explorer allows flaw
By SHAUN WATERMAN, UPI Homeland and National Security Editor
Published: Dec. 11, 2008 at 8:10 PM
Order reprints | Feedback

WASHINGTON, Dec. 11 (UPI) -- Software giant Microsoft is advising users of its Internet Explorer browser to turn their security settings to the highest levels to guard against a newly discovered flaw that enables hackers to take over the computer of anyone visiting a compromised Web site.

Such "drive-by downloads" are especially dangerous because malicious software is loaded as soon as the victim computer arrives at the site, without the user having to take any additional action, such as clicking on a pop-up window. Hackers can even load exploits into fake banner advertisements on innocent Web sites, if they can get access to the server that hosts them.

A security advisory from Microsoft said its researchers were "actively investigating the vulnerability," which had not been widely exploited by hackers so far. "On completion of this investigation, Microsoft will take the appropriate action to protect our customers."

"At this time, we are aware only of limited attacks that attempt to use this vulnerability," reads the advisory, adding that "they are not successful against customers who have applied the workarounds listed."

Customers are warned to turn the security-level setting on Internet Explorer to high, or to take other actions to prevent Explorer running Web scripts automatically. Such scripts animate banner ads or other moving pictures and interactive features, and disabling them interferes with viewing and using sites that use them.

"Setting the level to high may cause some Web sites to work incorrectly," notes the Microsoft advisory.

Millions of users of Internet Explorer, including those working for Fortune 500 companies and the U.S. government, are vulnerable to attack by hackers exploiting the vulnerability, which, depending on the way the exploit software is written, can download a variety of malicious payloads on to the affected computer.

Trojan attacks like those enabled by this latest vulnerability are a major way that home and corporate or government computers are recruited into so-called bot-nets, or robot networks of slave computers that, unbeknownst to their users, are being used to send spam or take part in cyberattacks.

Trojans also can be used to steal logins and passwords, and that was what the small number of exploits seen so far are designed to do.

Internet security intelligence research outfit iDefense said the vulnerability was accidentally disclosed by a Chinese security research firm called Knownsec. The firm disclosed the leak in a Chinese-language Web posting earlier this month. The posting said the researcher responsible wrongly believed the vulnerability had already been patched by Microsoft. Patches are updates to software that are automatically distributed by vendors to all their customers, who can then download and install them to protect their computers from the latest known threats.

Newly discovered security flaws like the one acknowledged Wednesday by Microsoft are called Zero-Day vulnerabilities and are especially prized by hackers, because even a fully patched system can be infected by a malicious software package.

iDefense said after this vulnerability leaked, it was sold for about $15,000 and then used to create a Trojan horse malicious software program designed to steal the logins and passwords of Chinese war-gamers playing in online virtual worlds like World of Warcraft.

"The four versions of the exploit we've seen so far are designed to steal Chinese gamer credentials," said Richard Howard, iDefense director of intelligence, "but the exploit is so juicy, we expect to see it spread fast."

He said the workarounds advised by Microsoft were effective against the versions seen so far, but there are ways of exploiting the new vulnerability that would not be prevented by blocking scripts.

"This is going to be a lasting threat until Microsoft gets it patched," he said. "Home users could switch to alternate browsers and be safe," he said. But corporate or government users would "have a harder time with that," at least "in the short term."

Non-Microsoft Web browsers like Firefox, Opera or Safari are considered to be more secure by some experts, if only because so much more malicious software is written to exploit Internet Explorer, which dominates the browser market.

Microsoft spokesman Christopher Budd said in a statement that, if necessary, the company would issue a special "out of cycle" patch for the vulnerability, "depending on customer needs." Generally Microsoft issues updates to all its software on the second Tuesday of every month, but periodically the company issues special patches, usually to deal with a newly discovered flaw like this one.

UPI
Reply
12-12-2008, 10:31 PM,
#2
New Microsoft Internet Explorer allows flaw
What? A new Microsoft product with a critical flaw? Tell me it isn't so! [/sarcasm] :LOL:

“Today’s scientists have substituted mathematics for experiments, and they wander off through equation after
equation, and eventually build a structure which has no relation to reality. ” -Nikola Tesla

"When the power of love overcomes the love of power the world will know peace." -Jimi Hendrix
Reply
12-14-2008, 01:22 AM,
#3
New Microsoft Internet Explorer allows flaw
Im sure IE isnt the only one with flaws. Its just that Microsoft admits things when the others stay quiet.
[Image: Palestinian_Dawn_by_Palestinian_Pride.jpg]
Reply
12-16-2008, 10:24 PM,
#4
New Microsoft Internet Explorer allows flaw
Quote:Im sure IE isnt the only one with flaws. Its just that Microsoft admits things when the others stay quiet.

I was just waiting for this announcement to say that is simply not true, MMG.
IE exploit, urged by experts to switch to a rival browser

Don't put Microsoft on a pedestal. They are about money and not the products or service to the user. They are another giant corporation that is only concerned with money no matter what lip service they give to anything else. Why do you think Gates has been so involved in the Big Boys Globalization game?
“Today’s scientists have substituted mathematics for experiments, and they wander off through equation after
equation, and eventually build a structure which has no relation to reality. ” -Nikola Tesla

"When the power of love overcomes the love of power the world will know peace." -Jimi Hendrix
Reply
12-17-2008, 12:04 AM,
#5
New Microsoft Internet Explorer allows flaw
lol, did MG just back up MS?
Reply
12-17-2008, 08:56 PM,
#6
New Microsoft Internet Explorer allows flaw
Im not backing up IE, Im just saying all the browsers and products and services have their flaws and all want to make money, not just ms. I know Gates is all about globalization and money making, but thats just justifying that hes a better business man than the others. Im sure if FF was given the opportunity to go larger than what it is now, it would take the the chance.
[Image: Palestinian_Dawn_by_Palestinian_Pride.jpg]
Reply
04-05-2009, 05:31 PM,
#7
New Microsoft Internet Explorer allows flaw
Why can't the data going out be blocked.
I see new activity all the time.
The latest was Vital Stream 74.201.0.130 that apparently
could not load a page full of art without the modem sending
back a signal.

Reply
05-10-2009, 09:15 PM,
#8
New Microsoft Internet Explorer allows flaw
I swear by FF with noscript addon ;)
Reply
05-11-2009, 09:58 AM,
#9
New Microsoft Internet Explorer allows flaw
Quote:Why can't the data going out be blocked.
I see new activity all the time.
The latest was Vital Stream 74.201.0.130 that apparently
could not load a page full of art without the modem sending
back a signal.
That's how browsers interact with web sites - they make requests for resources on the server, so they must send back signals.
[Image: randquote.png]
Reply
05-11-2009, 10:04 AM,
#10
New Microsoft Internet Explorer allows flaw
Quote:Im not backing up IE, Im just saying all the browsers and products and services have their flaws and all want to make money, not just ms.
I use open source software written by people who aren't asking for any money.

Sure, I'm a "one percenter", but I don't have to worry that the code has back doors, since thousands of people are constantly looking for flaws in the source code and patching almost always before the vulnerability is published. You can't say that about Microsoft or Apple...
[Image: randquote.png]
Reply
05-12-2009, 04:25 PM,
#11
New Microsoft Internet Explorer allows flaw
A classic exchange from another forum where IE8 was being discussed:

Being a Linux zealot, I facetiously asked "What's Internet Explorer?"

The golden response, from a clever lady called Anna-Bannana: "Internet Explorer is a program that you use to download a web browser."

:LOL:

And yes, CG, the answer is to dump Windows and use Linux. Ubuntu is a heck of a lot easier to use than Vista, that's for sure.
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
Reply
05-29-2009, 01:27 AM,
#12
New Microsoft Internet Explorer allows flaw
I started using it today its real pretty and feels real fast LOL!!
In the 60's, people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal.

As a reputed atheist, the reverential nature of his film was surprising, but Pasolini himself said &If you know that I am an unbeliever, then you know me better than I do myself. I may be an unbeliever, but I am an unbeliever who has a nostalgia for a belief.&


[Image: Copyofsoldier2.jpg]
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Alternatives to the internet shortwave 32 7,101 04-23-2014, 08:58 PM
Last Post: CharliePrime
Exclamation Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet temp9 7 1,665 04-10-2014, 03:36 PM
Last Post: temp9
  Free Google internet access Orwell63 4 645 12-17-2013, 12:17 AM
Last Post: Watchdog
  Internet Storm Center Status JFK 0 533 09-24-2013, 01:26 PM
Last Post: JFK
  Microsoft says Windows 8 is a Failure! shortwave 14 1,578 05-15-2013, 09:56 PM
Last Post: ComradeRed
  Get rid of Internet Explorer (again) - It’s more like an exploit than a browser h3rm35 6 897 04-20-2013, 04:06 PM
Last Post: CharliePrime
  Clover: Windows Explorer with Tabs (freeware) thokling 0 516 04-08-2013, 03:50 PM
Last Post: thokling
  Web wipeout: Syria suffers nationwide internet blackout zoverload 1 520 11-29-2012, 06:46 PM
Last Post: FastTadpole
  Malware may knock thousands off the internet on Monday zoverload 0 447 07-06-2012, 04:03 PM
Last Post: zoverload
  DNSSEC: the internet's International Criminal Court? h3rm35 3 2,500 04-27-2012, 10:10 AM
Last Post: FastTadpole

Forum Jump:


Users browsing this thread: 1 Guest(s)