1,105,534 Community Members

Internet Explorer vulnerable on Windows 7

Member Avatar
(happygeek)
Reputation Points: 1,411 [?]
Q&As Helped to Solve: 452 [?]
Skill Endorsements: 166 [?]
 
0
 

So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened that resulted in the hack attack on Google and many others that has received such publicity this week.

According to McAfee it has identified an Internet Explorer vulnerability as being one of the attack vectors but the security vendor also warns that targeted attacks such as this often use "a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios" so it is possible, likely even, that other as yet unidentified attack vectors were also involved. However, McAfee dismisses some early reports which claimed that an Adobe Reader PDF vulnerability was a factor, stating that there is simply no evidence to suggest this to be the case.

Worryingly though, McAfee does insist that while "this attack is especially deadly on older systems that are running XP and Internet Explorer 6" and this was the focus of these recent attacks, Internet Explorer does remain "vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7". McAfee says that new versions of Windows simply make exploiting the vulnerability harder, not impossible.

It becomes even more worrying when you appreciate that the code used in the Google attack to exploit the as yet unpatched vulnerability has now been published on the web for anyone to grab and make use of. Unlike some other news publications, DaniWeb will not be making things easier yet by linking to the website concerned.

Member Avatar
Davey Winder

I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .

Member Avatar
happygeek
veganarchist
9,520 posts since Mar 2006
Reputation Points: 1,411 [?]
Q&As Helped to Solve: 452 [?]
Skill Endorsements: 166 [?]
Administrator
Featured
 
0
 

A 'Microsoft Spokesperson' has just contacted me to say this in response to the Internet Explorer vulnerability news:

Microsoft is aware of public exploit code released that impacts customers using Internet Explorer 6 and of limited, targeted attacks attempting to use this vulnerability against Internet Explorer (IE) 6. As a result of the reports, we released an update to Security Advisory 979352 to alert customers and provide actionable guidance and tools to help with protections against exploit of this IE vulnerability:

Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8. To help protect our customers, we recommend that all customers immediately upgrade to Internet Explorer 8. Customers should also consider applying the workarounds and mitigations provided in our Security Advisory such as putting Internet zone security settings to High.

Microsoft teams are continuing to work around the clock on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing an out-of-cycle security update.

Member Avatar
pitlin
Newbie Poster
4 posts since Jan 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

For this I`d prefer firexof and chrome.

Member Avatar
The Dude
Nearly a Senior Poster
3,430 posts since Dec 2005
Reputation Points: 944 [?]
Q&As Helped to Solve: 78 [?]
Skill Endorsements: 0 [?]
 
0
 

All these things about IE6 all of a sudden seem a little bit suspicious to me,LIKE THEY ARE TRYING TO SCARE PEOPLE OFF OF IE6 AND GET THEM TO SOMETHING WHERE THEY HAVE MORE CONTROL!

You
Post:
Start New Discussion
View similar articles that have also been tagged: