Internet Explorer vulnerable on Windows 7


So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened that resulted in the hack attack on Google and many others that has received such publicity this week.

According to McAfee it has identified an Internet Explorer vulnerability as being one of the attack vectors but the security vendor also warns that targeted attacks such as this often use "a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios" so it is possible, likely even, that other as yet unidentified attack vectors were also involved. However, McAfee dismisses some early reports which claimed that an Adobe Reader PDF vulnerability was a factor, stating that there is simply no evidence to suggest this to be the case.

Worryingly though, McAfee does insist that while "this attack is especially deadly on older systems that are running XP and Internet Explorer 6" and this was the focus of these recent attacks, Internet Explorer does remain "vulnerable on all of Microsoft's most recent operating system releases, including Windows 7". McAfee says that new versions of Windows simply make exploiting the vulnerability harder, not impossible.

It becomes even more worrying when you appreciate that the code used in the Google attack to exploit the as yet unpatched vulnerability has now been published on the web for anyone to grab and make use of. Unlike some other news publications, DaniWeb will not be making things easier yet by linking to the website concerned.

Member Avatar
Davey Winder

I've been a freelance word punk for more than two decades and for the last few years an Editorial Fellow at Dennis Publishing. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011. As well as working for DaniWeb I have been a Contributing Editor with PC Pro (the best selling IT magazine in the UK) for twenty years.


A 'Microsoft Spokesperson' has just contacted me to say this in response to the Internet Explorer vulnerability news:

Microsoft is aware of public exploit code released that impacts customers using Internet Explorer 6 and of limited, targeted attacks attempting to use this vulnerability against Internet Explorer (IE) 6. As a result of the reports, we released an update to Security Advisory 979352 to alert customers and provide actionable guidance and tools to help with protections against exploit of this IE vulnerability:

Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8. To help protect our customers, we recommend that all customers immediately upgrade to Internet Explorer 8. Customers should also consider applying the workarounds and mitigations provided in our Security Advisory such as putting Internet zone security settings to High.

Microsoft teams are continuing to work around the clock on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing an out-of-cycle security update.


For this I`d prefer firexof and chrome.


All these things about IE6 all of a sudden seem a little bit suspicious to me,LIKE THEY ARE TRYING TO SCARE PEOPLE OFF OF IE6 AND GET THEM TO SOMETHING WHERE THEY HAVE MORE CONTROL!


while I do rate IE8 as the best IE for security (that I've used), I do agree with the MS-control.

I'm sure everyone remembers how much I've bamfed chrome, now I'm actually using it and rate it above Comodo IceDragon after having switched to linux. :P

though, there are rumors about google spying on everything...
I do believe this was removed in Dragon.

Isn't it about time forums rewarded their contributors?

Earn rewards points for helping others. Gain kudos. Cash out. Get better answers yourself.

It's as simple as contributing editorial or replying to discussions labeled or OP Kudos

This is an OP Kudos discussion and contributors may be rewarded
Start New Discussion
View similar articles that have also been tagged: