Users told: Get rid of Internet Explorer (again)
It’s more like an exploit than a browser
Internet Explorer users have been told to ditch the application and switch to another browser, pronto.
The warning comes from Rapid7, which describes a hole that’s exploitable by visiting a malicious Website (and, of course, in the world of Twitter and shortened URLs, it’s so much easier to get users to visit such sites).
Visiting a malicious site gives the attacker the same privileges as the current user, according to Rapid7’s post. Although the published exploit targets XP, Rapid7 says the attack works on IE 7 through 9 running on XP, Vista and Windows 7.
The discoverer of the exploit, Eric Romang, says the zero-day drops a file, Exploit.html, on the target. This, in turn, creates files with img and swf suffixes, which IE treats as Flash.
Romang claims the exploit was created by the same group – Nitro – that recently released a Java zero-day into the wild.
Rapid7’s HD Moore, also chief architect of Metasploit, told Ars that he’s surprised to see the exploit work across Windows Vista and 7: “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS”, he said. The attack bypasses ASLR – address space layout randomization – that’s meant to help defend the newer operating systems against attack.
Microsoft is looking at the exploit now, and has stated that it will “take the necessary steps” once it has a fix ready. ®
Odd didn't we read the other week...
...that IE is less susceptible to a certain attack than many of the other browsers...
Ooo look here it is.
(following link to)
"Just on the browser compatibility for that XSS: IE9 and IE10 are actually pretty good and will warn you about it without executing it. All other browsers tested – Chrome, Firefox and Safari (desktop and iOS) – will happily parse it and allow the exploit to occur."
So let's face it, use one browser you're screwed one way and use another and you're screwed another way.
Because a browser has a security bug we should stop using it? What do we do when Firefox has an exploit? Move to Chrome? Then what when Chrome has a bug?
Software gets exploited; the important thing is that the bugs get addressed, not that they exist.
Re: IE? Who uses that shit ?
IE? Who uses that shit ?
Sadly, my customers.