Sunday 14th February 2016 Login | Register

Security Alert Issued for Internet Explorer Zero-Day Flaw

December 16th, 2008 at 10:59 by Peter Jackson

It's not a good day to be using Internet Explorer.  As reported today by the BBC, if you're using the world's most used web browser you're being advised to switch to an alternative until a reported serious security flaw has been patched.

Anti-virus software maker Trend Micro has reported that "Microsoft's recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs".

This flaw leaves all versions of Internet Explorer potentially open to a ‘drive-by' attack on its vulnerability.  This could allow criminals to take control of computers and steal passwords if viewing a compromised website. 

As many as 10,000 websites have been found rigged with a malicious JavaScript. This checks for the IE version installed on the affected system, since this exploit targets not just IE7 but is reported as potentially affecting all versions.  After a successful exploit, it triggers a series of redirections to multiple URLs, and then finally connects to one of several different domains.

It's reported that much of this criminal activity is being perpetrated by a Chinese underground who are stealing gaming passwords.  The seriousness of this however is not lost on Microsoft which says it has detected attacks against version seven of the browser.  Microsoft is investigating the problem and preparing an emergency software patch to resolve it.

The flaw could be "adopted by more financially motivated criminals" a Trend Micro security researcher is reported as saying.


So, what are the alternatives for a Windows user?

For the majority of people Firefox would most likely trip off the tongue, but even this has been reported as having its own vulnerabilities, leading it to only yesterday top the list of the ‘12 most vulnerable apps' over at zdnet.

It should perhaps be noted however that this report is seemingly based in Firefox having identified and patched ‘10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed links, documents, JavaScript and third party tools'. And patched is good right?

Oddly Internet Explorer doesn't itself make the list, putting the article's objectivity, according to observers, in some doubt.

Whatever browser you use then, you're advised to use and keep updated good anti-virus software. And make sure you're installing the latest security patches for the software you use.  When you can catch a 'cold' simply by browsing the 'wrong' website you've got to take precautions.. it's a case of 'stay patched, stay safe'. 


For Windows users then the alternatives to IE7 are:

Firefox: download

Chrome: download

Opera: download

Safari: download


Update Dec 17th: Microsoft Security Response Centre reports that a patch will be issued later today to address this security flaw.


This entry was posted by Peter Jackson on Tuesday, December 16th, 2008 at 10:59 am and is tagged with , , , , and is posted in the category Tech News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

4 comments on "Security Alert Issued for Internet Explorer Zero-Day Flaw"


Firefox is safer with the NoScript add-on


Thx I don't know if I would have picked it out with out the RSS feed of this... Opera ftw


Opera ftw thxs for the RSS feed


Users online: 138

  • Total Topics: 146102
  • Total Posts: 1302258
  • Total Members: 33120

Visit the Forums







Just The Name

Related Sites

Community Apps

Here at Plusnet we're always trying to use clever open source things to make our lives easier. Sometimes we write our own and make other people's lives easier too!

View the Plusnet Open Source applications page

About Plusnet

We're a Yorkshire-based provider selling broadband and phone services to homes and businesses throughout the UK. Winner of the ISPA 2010 'Best Consumer Customer Service ISP' Award, we're proud to offer the UK's best value standalone broadband.

© Plusnet plc All Rights Reserved. E&OE

Community Site News.. is powered by WordPress

Add to Technorati Favourites