Friday 21st November 2014 Login | Register

Security Alert Issued for Internet Explorer Zero-Day Flaw

December 16th, 2008 at 10:59 by Peter Jackson

It’s not a good day to be using Internet Explorer.  As reported today by the BBC, if you’re using the world’s most used web browser you’re being advised to switch to an alternative until a reported serious security flaw has been patched.

Anti-virus software maker Trend Micro has reported that “Microsoft’s recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs”.

This flaw leaves all versions of Internet Explorer potentially open to a ‘drive-by’ attack on its vulnerability.  This could allow criminals to take control of computers and steal passwords if viewing a compromised website. 

As many as 10,000 websites have been found rigged with a malicious JavaScript. This checks for the IE version installed on the affected system, since this exploit targets not just IE7 but is reported as potentially affecting all versions.  After a successful exploit, it triggers a series of redirections to multiple URLs, and then finally connects to one of several different domains.

It’s reported that much of this criminal activity is being perpetrated by a Chinese underground who are stealing gaming passwords.  The seriousness of this however is not lost on Microsoft which says it has detected attacks against version seven of the browser.  Microsoft is investigating the problem and preparing an emergency software patch to resolve it.

The flaw could be “adopted by more financially motivated criminals” a Trend Micro security researcher is reported as saying.

 

So, what are the alternatives for a Windows user?

For the majority of people Firefox would most likely trip off the tongue, but even this has been reported as having its own vulnerabilities, leading it to only yesterday top the list of the ‘12 most vulnerable apps’ over at zdnet.

It should perhaps be noted however that this report is seemingly based in Firefox having identified and patched ‘10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed links, documents, JavaScript and third party tools’. And patched is good right?

Oddly Internet Explorer doesn’t itself make the list, putting the article’s objectivity, according to observers, in some doubt.

Whatever browser you use then, you’re advised to use and keep updated good anti-virus software. And make sure you’re installing the latest security patches for the software you use.  When you can catch a ‘cold’ simply by browsing the ‘wrong’ website you’ve got to take precautions.. it’s a case of ‘stay patched, stay safe’. 

 

For Windows users then the alternatives to IE7 are:

Firefox: download

Chrome: download

Opera: download

Safari: download

 

Update Dec 17th: Microsoft Security Response Centre reports that a patch will be issued later today to address this security flaw.

petejackson

This entry was posted by Peter Jackson on Tuesday, December 16th, 2008 at 10:59 am and is tagged with , , , , and is posted in the category Tech News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


4 comments on "Security Alert Issued for Internet Explorer Zero-Day Flaw"

Jamie_Hardy

Firefox is safer with the NoScript add-on https://addons.mozilla.org/en-US/firefox/addon/722

derboff

Thx I don't know if I would have picked it out with out the RSS feed of this... Opera ftw

derboff

Opera ftw thxs for the RSS feed

Plusnet Referrals

Photos

photo photo photo

View More

Forums

Users online: 188

  • Total Topics: 132038
  • Total Posts: 1169342
  • Total Members: 27665

Visit the Forums

Plusnet

Force9

Metronet

Free-Online

Madasafish

PAYH

Just The Name

Related Sites

Community Apps

Here at Plusnet we're always trying to use clever open source things to make our lives easier. Sometimes we write our own and make other people's lives easier too!

View the Plusnet Open Source applications page

About Plusnet

We're a Yorkshire-based provider selling broadband and phone services to homes and businesses throughout the UK. Winner of the ISPA 2010 'Best Consumer Customer Service ISP' Award, we're proud to offer the UK's best value standalone broadband.

© Plusnet plc All Rights Reserved. E&OE

Community Site News.. is powered by WordPress

Add to Technorati Favourites