From Yahoo!
Major flaw revealed in Internet Explorer; users urged to switch
Tue Dec 16, 2008 11:49AM EST
The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.
Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)
Full article => http://tech.yahoo.com/blogs/null/111811
From ISS
Microsoft Internet Explorer Data Binding Code Execution
| Notification Type: | IBM Internet Security Systems Protection Alert |
| Notification Date: | December 11, 2008 |
| Notification Version: | 1.4 |
| Name: | Microsoft Internet Explorer Data Binding Code Execution |
| Public disclosure/ In the wild date: | Dec 9, 2008 (active exploitation reported) |
| CVE: | CVE-2008-4844 |
| Description: | Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error in data binding while parsing a Web page. Active exploitation is expanding. See Business Impact section for details. |
Full article => http://www.iss.net/threats/317.html
From Microsoft
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 15, 2008
Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.
Full article => http://www.microsoft.com/technet/security/advisory/961051.mspx
No comments:
Post a Comment