Thread Tools Search this Thread
Unread 12th Dec 2008, 09:49 PM   #1
War Room Member
Patrician's Avatar
Join Date: 2004
Location: USA
Posts: 11,698
Thanks: 6,331
Thanked 2,668 Times in 1,802 Posts
More Dire Warnings About IE7 - Google Chrome Rocks!
Share on: 
fb share twitter share gplus share more share

Today there is yet another warning about serious breaches in security that were not addressed in the last patch issued by Microsoft. Mainly for IE7 but all versions are vulnerable. (IE7 is the most 'secure' - go figure).

Well, that was the last straw for me because I have been having bad trouble with IE7 for a while now otherwise.

It is crashing windows left and right and even though I have more than ample PC resources it can't handle stuff like music videos without freezing up and crashing my system.

In the last few days it is even crashing when I click a hyperlink.

I have looked at every other possibility and it can only be a piece of junk software like IE.

When I tried FireFox many times, although it is beautiful and has many good features, it doesn't get along with my security and literally drives me crazy with the dialogue when I am researching new domains and host servers in my work for PIPS.

I just happened to read that Google took Chrome out of beta already and released the full version in the last few days.

I've been using it all day and it is pretty slick alright. So if you don't like either IE or FF, give Google's new tool a test drive.

Just Google 'chrome browser'


Back to Article

Microsoft Expands Zero-Day IE Warning
By Sean Michael Kerner
December 12, 2008

Did Microsoft miss a vulnerability in its latest Internet Explorer (IE) patch roundup -- or several?

Late Thursday, Microsoft updated its advisory on a zero-day vulnerability affecting its IE 7 Web browser. The updated advisory now indicates that older and newer versions of IE are also at risk from the XML zero-day flaw.

As a result, the company is now warning that IE 5.01 Service Pack 4, IE 6 and IE 6 SP1, and Windows Internet Explorer 8 Beta 2 are all potentially at risk.

The flaw stems from an issue in how Internet Explorer parses XML. Microsoft reported the vulnerability a day after issuing its December Patch Tuesday update, which contained four different fixes for versions of IE.

As of late Thursday, there were no reported public sightings of the XML flaw in action on browsers other than IE 7, according to the security watchdogs at SANS Internet Storm Center (ISC).

"I don't want to start a panic," ISC handler Kevin Liston wrote in a post on ISC's site. "We have not received any reports of attacks affecting these versions (yet.)"

Signs point to new attacks

The same, however, can't be said for attacks based on IE7. Johannes Ullrich, another handler at ISC, reported on the group's site an SQL injection attack spreading by using the browser's vulnerability.

Microsoft itself is reporting attacks in the wild and is providing some direction as to which countries have been affected the most so far. According to Microsoft's Microsoft Malware Protection Center blog, as of late Thursday, 64 percent of reported infections were coming from the U.S., 7 percent from China, 7 percent from Canada and 5 percent from Japan.

"The exploit sites we've seen so far drop a wide variety of malware," Microsoft said. "Most commonly password stealers, like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpudalong with some previously unseen malware, which we generically detect as Win32/SystemHijack."

Microsoft also said that the Web sites that have been taking advantage of the zero-day flaw are primarily being hosted on Chinese domains. The most prevalent web page names that have are using the vulnerability, according to Microsoft, are: 7.htm, I7.htm, ie07.htm, msxml.htm, and ss.htm.

Microsoft has not yet indicated whether it would issue a patch for the current zero-day XML flaw. The company has noted in its public advisory however that it would will take "appropriate action" when an investigation is complete -- action that could include an out-of-cycle patch.

In addition to its investigation, Microsoft is also now providing additional guidance to users on workarounds that could mitigate the risk from the vulnerability.

"Specifically, we're recommending both setting the Internet zone security setting to 'High' and using [Access Control Lists] to disable Ole32db.dll," Christopher Budd, a member of the company's security response team, wrote on the Microsoft Security Response Center blog. "Our research so far has shown that these two steps together provide the most effective protections for this issue."

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Copyright 2008 Jupitermedia Corporation All Rights Reserved.

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail

Patricia Brucoli
Plug-In Profit Site Helpdesk
Patrician is offline   Reply With Quote
The Following 2 Users Say Thank You to Patrician For This Useful Post:
Unread 13th Dec 2008, 08:13 AM   #2
Senior Warrior Member
War Room Member
Cynthia Minnaar's Avatar
Join Date: 2006
Location: Pietermaritzburg, South Africa.
Posts: 1,262
Thanks: 2
Thanked 28 Times in 24 Posts
Re: More Dire Warnings About IE7 - Google Chrome Rocks!
Share on: 
fb share twitter share gplus share more share

Hi Pat

Thanks for this update. I must admit I have not been having too many problems lately with IE7 but do keep us posted as to how you are doing with the Google Chrome Browser.

Cheers for now

Cynthia Minnaar is offline   Reply With Quote
Unread 15th Dec 2008, 05:37 PM   #3
Think It, See It - Do It!
War Room Member
Kym Robinson's Avatar
Join Date: 2008
Location: Outside Perth in Western Australia.
Posts: 1,013
Thanks: 25
Thanked 90 Times in 60 Posts
Re: More Dire Warnings About IE7 - Google Chrome Rocks!
Share on: 
fb share twitter share gplus share more share

very good read!

I too have been having a pile of issues with IE& - so I better go check out chrome!

I have heard many good reports about chrome - so now that you like it too - Im pushed over the edge and will go check it out!

thanks - Kym
Kym Robinson is offline   Reply With Quote


chrome, dire, google, ie7, rocks, warnings

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

All times are GMT -6. The time now is 07:57 PM.