The Register® — Biting the hand that feeds IT


MS issues brown alert over unpatched IE 7 flaw

One in 500 exposed


Hackers have upped the ante by launching more attacks against an unpatched IE 7 flaw.

Microsoft warned on Saturday that attacks targeting the vulnerability, which affects versions of its flagship browser on all supported versions of Windows, are becoming more widespread. The security bug first came to prominence a week ago, just before the latest edition of Microsoft's update cycle.

At first the flaw was exploited in targeted Trojan attacks, but it has now become much more widespread. Crackers have planted exploit code on warez and smut sites and, in some cases, on legitimate sites compromised through website vulnerabilities. A popular search engine in Taiwan is among the victims.

As a result, Microsoft estimates that one in 500 users worldwide have been exposed to the vulnerability. The volume of attacks grew by 50 per cent from Friday to Saturday alone, with little sign of a let-up. It's highly unusual for Redmond to quote such stats, and the fact that it has underlines the mounting seriousness of the problem.

At first it was reckoned that only IE 7 users were affected, but further analysis suggests that versions 5.01, 6, and 8 of the browser are also vulnerable. However, attack code currently in circulation aims to exploit surfers running IE 7 specifically. Early analysis of the vulnerability suggested that errors in parsing XML code were the problem, but further work has revealed that data-binding bugs are the real culprit.

Suggested workarounds to defend against the flaw, pending a security patch from Microsoft, include disabling active scripting, as explained by US-CERT here. ®
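The workaround above is applied through Internet Explorer's per-zone security settings. As an added illustration, not taken from the article or from Microsoft's or US-CERT's advisories, the following PowerShell snippet reads the current user's "Active scripting" setting for the Internet zone so an administrator can check whether the workaround is in place. It relies on the documented IE zone layout (zone 3 is the Internet zone; registry value 1400 is Active scripting, with 0 = enable, 1 = prompt, 3 = disable) and only reads the registry; the function name Get-IEInternetZoneScripting is this example's own.

```powershell
# Added example (not from the article): report the Internet zone's
# "Active scripting" setting for the current user. Read-only.
function Get-IEInternetZoneScripting {
    # Zone 3 = Internet zone in IE's per-user zone settings.
    $zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

    # Value name 1400 = Active scripting: 0 enable, 1 prompt, 3 disable.
    $item = Get-ItemProperty -Path $zonePath -Name '1400' -ErrorAction SilentlyContinue
    $setting = if ($null -ne $item) { $item.'1400' } else { $null }

    switch ($setting) {
        0       { 'Active scripting (Internet zone): ENABLED - workaround not applied' }
        1       { 'Active scripting (Internet zone): PROMPT' }
        3       { 'Active scripting (Internet zone): DISABLED - workaround applied' }
        default { 'Active scripting (Internet zone): not set explicitly for this user; zone default applies' }
    }
}

Get-IEInternetZoneScripting
```

A machine-wide policy under HKLM, or Group Policy, can override the per-user value, so on a managed domain machine the HKLM counterpart of the same key should be checked as well before concluding that the workaround is or is not in effect.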


Latest Comments

IE?

I always thought IE stood for: Infects Everyone

Anonymous Coward

@AC

"Stop whining and wait for the patch...

.. even firefox gets security patches you know, just less people bitch about firefox exploits cause it's less fun."

Oh right, so that's the answer then, "I know I've got a security flaw in my browser, I know it's a very serious one and I know that literally hundreds of people's machines have been compromised by it and I know there are thousands of websites that have been infected with code to exploit the vulnerability, but I'm not going to do anything about it".

Yeah man, like that's the right attitude. The right attitude is to take action to prevent your machine from being compromised. If that means using another web browser then one should take such action. Sitting back and doing nothing when being in full possession of the facts is not an option, unless you are stupid.


BBC and technology news just don't mix.

Shocking sensationalist reporting from the BBC. Just don't go anywhere near porn and warez and you will be OK.

