Feeds

New hacker peril for older IE versions

New species of unpatched bug bites IE6 and 7

Secure remote control for conventional and virtual desktops

Internet Explorer users are at risk from a newly discovered and unpatched vulnerability in older versions of Microsoft's browser.

A security flaw involving a dangling pointer in Microsoft's HTML Viewer (mshtml.dll) creates a possible mechanism for hackers to crash the browser and inject malware, providing they can trick marks into visiting maliciously constructed sites designed to exploit the vulnerability. Poor reliability exploits targeting the flaw were posted on underground websites late last week. Better quality attacks are more than likely to follow.

Tests by Symantec have confirmed the 0-day flaw affects Internet Explorer 6 and 7. IE8 users are reckoned to be in the clear.

Surfers using older versions of IE (why the heck is anyone still using IE6 anyway?) are advised to disable JavaScript and to stay away from untrusted websites. Alternatively they could upgrade to IE8 or use an alternative browser instead.

More on the threat can be found in a write-up by the SAN Institute's Internet Storm Centre here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
Whistling Google: PLEASE! Brussels can only hurt Europe, not us
And Commish is VERY pro-Google. Why should we worry?
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.