![]() | #1 |
OffTheWallflowerChild War Room Member Join Date: 2004 Location: USA
Posts: 2,776
Thanks: 6,161
Thanked 2,625 Times in 1,763 Posts
|
Today there is yet another warning about serious breaches in security that were not addressed in the last patch issued by Microsoft. Mainly for IE7 but all versions are vulnerable. (IE7 is the most 'secure' - go figure). Well, that was the last straw for me because I have been having bad trouble with IE7 for a while now otherwise. It is crashing windows left and right and even though I have more than ample PC resources it can't handle stuff like music videos without freezing up and crashing my system. In the last few days it is even crashing when I click a hyperlink. I have looked at every other possibility and it can only be a piece of junk software like IE. When I tried FireFox many times, although it is beautiful and has many good features, it doesn't get along with my security and literally drives me crazy with the dialogue when I am researching new domains and host servers in my work for PIPS. I just happened to read that Google took Chrome out of beta already and released the full version in the last few days. I've been using it all day and it is pretty slick alright. So if you don't like either IE or FF, give Google's new tool a test drive. Just Google 'chrome browser' ================ http://www.internetnews.com/webconte...le.php/3790886 Back to Article Microsoft Expands Zero-Day IE Warning By Sean Michael Kerner December 12, 2008 Did Microsoft miss a vulnerability in its latest Internet Explorer (IE) patch roundup -- or several? Late Thursday, Microsoft updated its advisory on a zero-day vulnerability affecting its IE 7 Web browser. The updated advisory now indicates that older and newer versions of IE are also at risk from the XML zero-day flaw. As a result, the company is now warning that IE 5.01 Service Pack 4, IE 6 and IE 6 SP1, and Windows Internet Explorer 8 Beta 2 are all potentially at risk. The flaw stems from an issue in how Internet Explorer parses XML. Microsoft reported the vulnerability a day after issuing its December Patch Tuesday update, which contained four different fixes for versions of IE. As of late Thursday, there were no reported public sightings of the XML flaw in action on browsers other than IE 7, according to the security watchdogs at SANS Internet Storm Center (ISC). "I don't want to start a panic," ISC handler Kevin Liston wrote in a post on ISC's site. "We have not received any reports of attacks affecting these versions (yet.)" Signs point to new attacks The same, however, can't be said for attacks based on IE7. Johannes Ullrich, another handler at ISC, reported on the group's site an SQL injection attack spreading by using the browser's vulnerability. Microsoft itself is reporting attacks in the wild and is providing some direction as to which countries have been affected the most so far. According to Microsoft's Microsoft Malware Protection Center blog, as of late Thursday, 64 percent of reported infections were coming from the U.S., 7 percent from China, 7 percent from Canada and 5 percent from Japan. "The exploit sites we've seen so far drop a wide variety of malware," Microsoft said. "Most commonly password stealers, like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpudalong with some previously unseen malware, which we generically detect as Win32/SystemHijack." Microsoft also said that the Web sites that have been taking advantage of the zero-day flaw are primarily being hosted on Chinese domains. The most prevalent web page names that have are using the vulnerability, according to Microsoft, are: 7.htm, I7.htm, ie07.htm, msxml.htm, and ss.htm. Microsoft has not yet indicated whether it would issue a patch for the current zero-day XML flaw. The company has noted in its public advisory however that it would will take "appropriate action" when an investigation is complete -- action that could include an out-of-cycle patch. In addition to its investigation, Microsoft is also now providing additional guidance to users on workarounds that could mitigate the risk from the vulnerability. "Specifically, we're recommending both setting the Internet zone security setting to 'High' and using [Access Control Lists] to disable Ole32db.dll," Christopher Budd, a member of the company's security response team, wrote on the Microsoft Security Response Center blog. "Our research so far has shown that these two steps together provide the most effective protections for this issue." Search: Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia Jupitermedia Corporate Info Copyright 2008 Jupitermedia Corporation All Rights Reserved. Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Tech Jobs | Shopping | E-mail |
Patricia Brucoli Plug-In Profit Site Helpdesk | |
![]() | ![]() |
The Following 2 Users Say Thank You to Patrician For This Useful Post: |
![]() | #2 |
HyperActive Warrior War Room Member Join Date: 2006 Location: Pietermaritzburg, South Africa.
Posts: 134
Thanks: 2
Thanked 28 Times in 24 Posts
|
Hi Pat Thanks for this update. I must admit I have not been having too many problems lately with IE7 but do keep us posted as to how you are doing with the Google Chrome Browser. Cheers for now Cyn |
| |
![]() | ![]() |
![]() | #3 |
Think It, See It - Do It! War Room Member Join Date: 2008 Location: Outside Perth in Western Australia.
Posts: 933
Thanks: 25
Thanked 90 Times in 60 Posts
|
very good read! I too have been having a pile of issues with IE& - so I better go check out chrome! I have heard many good reports about chrome - so now that you like it too - Im pushed over the edge and will go check it out! thanks - Kym |
![]() | ![]() |
Bookmarks |
Tags |
chrome, dire, google, ie7, rocks, warnings |
| |