Feeds

MS issues brown alert over unpatched IE 7 flaw

One in 500 exposed

Top 5 reasons to deploy VMware with Tegile

Hackers have upped the ante by launching more attacks against an unpatched IE 7 flaw.

Microsoft warned on Saturday that attacks targeting the vulnerability, which affects versions of its flagship browser on all supported versions of Windows, are becoming more widespread. The security bug first came to prominence a week ago, just before the latest edition of Microsoft's update cycle.

At first the flaw was exploited in targeted Trojan attacks but it's now become much more widespread. Crackers have planted exploit code on warez and smut sites and, in some cases, legitimate sites through the use of website vulnerabilities. A popular search engine in Taiwan is among the victims.

As a result an estimated one in 500 users worldwide have been exposed to the vulnerability, Microsoft estimates. The volume of attacks grew by 50 per cent from Friday until Saturday alone with little sign of a let-up. It's highly unusual for Redmond to quote such stats, and the fact it has underlines the mounting seriousness of the problem.

At first it was reckoned that only IE 7 users were affected, but further analysis suggests that versions 5.01, 6, and 8 of the browser are also vulnerable. However, attack code currently in circulation aims to exploit surfers running IE7 specifically. Early prognosis of the vulnerability suggested error in parsing XML code were the problem, but further work has revealed that data binding bugs are the real culprit.

Suggested workarounds to defend against the flaw, pending a security patch from Microsoft, include disabling active scripting - as explained by US CERT here. ®

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.