We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Internet Explorer Security flaw (merged)
Options
Comments
-
^ I was way too polite to say that.... DM links do NOT constitute proof in any argument, though, in this case the same story has been reported elsewhere so there's probably some truth in it...and a lot of scaremongering.
Microsoft may well have a fix by the time i press send on this message
Utinam logica falsa tuam philosophiam totam suffodiant.0 -
LOL. Good post :TTorrestheGreat wrote: »The only thing worse than IE is...The Daily Mail
Or the Beeb...
http://news.bbc.co.uk/1/hi/technology/7784908.stm
Still the top story in the Technology section.
There's a more realistic article here:
http://www.theregister.co.uk/2008/12/15/ie7_exploits/BSC No 248
Free, confidential advice
National Debtline 0808 808 4000 | StepChange 0800 138 1111 | CAB - Get Advice
0 -
whenever i re-format my PC (which is a lot!), IE is one of the first things I uninstall.0
-
Looks like an update will be pushed out tomorrow.
Link: Advance Notification for December 2008 Out-of-Band ReleaseWe’ve just published our Advance Notification for an out-of-band security bulletin release. We plan to release the security update tomorrow, Dec. 17, 2008 to address the vulnerability we’ve discussed in Microsoft Security Advisory 961051.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
Hi
This article was in the Times yesterday. Passing on for info purposes.
Microsoft admitted today that a serious flaw in security has left the majority of the world’s internet users exposed to attacks from hackers hoping to steal personal data and passwords.
A loophole in Internet Explorer (IE), the default web browser on most computers, allows criminals to commandeer victims’ PCs by tricking them into visiting unsafe websites.
It is thought that two million computers have already been affected as Microsoft conceded that 1 in 500 internet users may have been exposed.
Computer users are advised by some security experts to switch to an alternative internet browser, such as Firefox or Google Chrome, to avoid the hackers who have so far corrupted an estimated 10,000 websites.
Microsoft said that it is considering the release of an emergency update to correct the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the browser, but gave warning that other versions are also potentially vulnerable.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market.
However, Paul Ferguson, a security researcher for Trend Micro Inc, an anti-spyware provider, said that the security breach is so severe that it could be “adopted by more financially motivated criminals for more serious mayhem — that’s a big fear right now”.
Since the security flaw was reported on December 9, Microsoft said that there has been an exponential increase in attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called “zero-day” attackers.
These threats occur as hackers race against software makers to attack the affected programmes, such as IE, before the known problems are repaired.
“Zero days are unusual — and zero days in the world’s most popular browser on the world’s most popular operating system are really unusual,” said a Trend Micro spokesman. “The threat from it is only going to grow."
John Curran, a spokesman for Microsoft, said: “Right now it’s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.
“It has the potential to move world wide rather quickly so it’s a significant issue and that’s why Microsoft is working diligently to get it resolved as quickly as possible.
“We are recommending four steps [see below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.
“Obviously the chance for this to be exploited is there.”
The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.
Some security experts, though, have advised IE users switch to another browser until an update is released. The next scheduled patch is not due until January 13 but it is not unusual for Microsoft to release an emergency patch.
Microsoft have struggled to build an appropriate patch thus far because the affected component is at the very core of the IE programme and any changes to the central code could cause a number of unexpected side-effects.
Microsoft’s advice for Internet Explorer users
1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.
2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.
3. Set zone security to high.
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website .
:beer:0 -
Thanks for the heads-up mickmg - will be sure to keep my security software updated.Where there's a will, there's a way to get something cheaper from somewhere else!!
0 -
Microsoft has said that it is aiming to issue an emergency patch to cover the security flaw in Internet Explorer at 1700GMT today.
After security experts gave further warnings about the IE vulnerability yesterday, Microsoft engineers worked to find a solution.
The result is a patch that will be issued on the afternoon of Wednesday 17 December.
"We plan to release the security update [on] 17 December 2008 to address the vulnerability we've discussed in Microsoft Security Advisory 961051," Christopher Budd of Microsoft said.
>>Security advice and help from Web User
Microsoft generally only releases security fixes on the second Tuesday of every month, a day known in the industry as 'Patch Tuesday'. It is unusual for the company to release patches out-of-cycle, though not unheard of.
www.microsoft.com/securityCan't sleep, quit counting sheep and talk directly to the shepherd :cool:0 -
Hi,
I have IE6.
Does this mean I am not affected?
Jo0 -
Hi,
I have IE6.
Does this mean I am not affected?
Jo
it affects all versions of Internet Explorer from IE5 to the latest beta of IE8.Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated. (To clarify: You don't need to uninstall IE, just don't use it for the time being.)Can't sleep, quit counting sheep and talk directly to the shepherd :cool:0 -
Hi,
I have IE6.
Does this mean I am not affected?
Jo
Also having IE6 is pretty shaky anyway security wise. Unless there's an actual compatiblity issue preventing you from using IE7 (e.g. Windows pre XP/2000) then you should be upgrading to IE7 anyway. What operating system do you have?"She is quite the oddball. Did you notice how she didn't even get excited when she saw this original ZX-81?"
Moss0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 598.9K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards