Serious security flaw found in IE

[Skeithex]

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said.

PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

source

IE fails, and now it's a fact!

[froggyboy604]

I wonder if I visit any of the 0.02% of the world websites.

I agree with the last statement most "Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation,"

[Skeithex]

I wonder if I visit any of the 0.02% of the world websites.

I agree with the last statement most "Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation,"

considering other browsers are free and IE is something you have to pay for this should be happening to the free browsers not the ones you have to pay for. so that tells you something about the quality of other browsers.

[froggyboy604]

I think I slowly move to Google Chrome, but it has text inputing issues. I notice.

[Liddo Annie]

I sit back point and Laugh.

then I'd be pissed if Microsoft demands ALL new software in the future, is only compatible with what ever new system they have. I was told microsoft was doing something like that.

[SetoTK]

considering other browsers are free and IE is something you have to pay for this should be happening to the free browsers not the ones you have to pay for. so that tells you something about the quality of other browsers.

Last i checked IE was free.

i have news for you, ALL browsers WILL have a "Critical Security Flaw" at some time or another.


fair due to MS at least they don't release applications with "critical security flaws" Crapple and Mozilla come to mind there

I sit back point and Laugh.

then I'd be pissed if Microsoft demands ALL new software in the future, is only compatible with what ever new system they have. I was told microsoft was doing something like that.

well windows XP is ancient, and windows 7 will run on the same architecture as vista by then most systems will be 64bit.

Microsoft are a company there goals is to make money, and they do this by forcing folk to upgrade and fork out the upgrade fee, like adobe just MS charge wayyyyy less

[Skeithex]

considering other browsers are free and IE is something you have to pay for this should be happening to the free browsers not the ones you have to pay for. so that tells you something about the quality of other browsers.

Last i checked IE was free.

i have news for you, ALL browsers WILL have a "Critical Security Flaw" at some time or another.


fair due to MS at least they don't release applications with "critical security flaws" Crapple and Mozilla come to mind there

I sit back point and Laugh.

then I'd be pissed if Microsoft demands ALL new software in the future, is only compatible with what ever new system they have. I was told microsoft was doing something like that.

well windows XP is ancient, and windows 7 will run on the same architecture as vista by then most systems will be 64bit.

Microsoft are a company there goals is to make money, and they do this by forcing folk to upgrade and fork out the upgrade fee, like adobe just MS charge wayyyyy less

last time I checked IE and netscape are browsers that people have to pay to have.