News19,135 Articles
News spotlights:
Business | CES | Digital audio | Gadgets | Games | Green computing | Home entertainment | Internet & broadband | Laptops | Linux | Macs | PC Peripherals & components | PC security | PCs & laptops | Mobile phones | Digital photography & video | Software | Wi-Fi & networking
News by company:
AMD | Apple | BT | Dell | Google | HP | Intel | Microsoft | Nvidia | Sony
News by product:
Windows XP | Windows Vista | Windows 7 | Apple iPhone | BlackBerry | Apple iPad
November 24, 2009
Internet Explorer users given security advisory
Workarounds available for IE6 & IE7 bug
Microsoft has issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer.
Earlier yesterday, the company said it was investigating the incident which emerged over the weekend when someone published the exploit code to the Bugtraq mailing list. By Monday night, Microsoft switched gears and issued the advisory. There have not been any active exploits of the vulnerability reported so far.
Microsoft released Security Advisory 977981, which includes workarounds for an issue that exposes a flaw in Cascading Style Sheets that could allow for remote code execution. Vulnerabilities that allow remote-code execution generally result in patches rated as critical by Microsoft.
The advisory confirmed the vulnerability affects IE6 on Windows 2000 Service Pack 4, and IE6 and IE7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft’s said users running IE7 on Vista can configure the browser to run in Protected Mode to limit the impact of the vulnerability. It also recommended setting the internet zone security setting to 'High' to protect against the exploit. The 'High' setting will disable JavaScript, which currently is the only confirmed attack mode.
Microsoft said IE 5.01 Service Pack 4 and IE8 on all supported versions of Windows are not affected.
For an attack to work, the hacker would first have to get his victim to visit a website that hosted the exploit code. This could be a malicious website set up by the hacker himself or it could be a site that allows users to upload content.
Another way cyber criminals have launched this type of attack, however, is by hacking into legitimate websites. Earlier this week, for example citizen's band radio vendor Cobra Electronics disclosed that it had been hacked in June, most likely by a professional hacker who had used the site to download malware to customers.
Microsoft did not say whether it would patch the flaw during its next regularly scheduled set of security updates, due December 8.
(Robert McMillan of the IDG News Service contributed to this report.)
See also:
Windows XP users exposed by IE6 & IE7 hack
Free whitepaper: Phishing for victims - Truth, myth and cybercrime
<<newer story | back to index | older story>>
Submit to:
Reddit
Subscribe to PC Advisor now and claim your FREE gift
Question of the day!
Does your smartphone replace your need for a laptop when on the move?
% of PC Advisor readers agree with you
What tasks can your smartphone do that would have traditionally been done on a laptop?
Follow the conversation at @SmartphoneFocus
web browsing, search facilities, voip, email, word processing everything RT @Graham_D_C
Mainly email but getting better at spreadsheets etc, RT @IDGdan
Recent reviews
- Malwarebytes' Anti-Malware Free review
- Kodak ESP 5250 review
- Fujitsu LifeBook T4410 review
- Kodak ESP 3250 review
- Lenovo ThinkCentre A70z review
- Microsoft SideWinder X4 review
- Sony BDP-S360 review
- Acer Liquid review
- LaCie Sound2 review
- ASUS U50Vg review
Latest reader comments
- Bizzo. How can you HATE them if you don't use them? Surely it makes no difference that they're...
- I hate Facebook and Social networking sites. I mean, whats the actual point ? everyone who i...
- I sure do not need 1,000 characters to say that FB pisses me off. No consultation, no "would you...
- Hi Dave, Yes! apple are only doing EXACTLY THE SAME as Microsoft have done for years & years....
- yeah i agree with one of the other users on here...where's the WIN7 or Linux....would be sweeet...
Top news
- ComScore: 2009 social networking stats
- Bing boings but Google grows
- Microsoft, Google join MediaTek to boost emerging market sales
- Samsung & LG to show social networking phones
- Google adds Nexus One phone support
Latest blog entries
- Smartphone blogs: best apps, best phones, best freeware
- Smartphone focus: Twitter - will Apple, Google dislodge BlackBerry?
- Google plots instant translator for smartphone
- Free and friendly Windows security software? What's the catch?
- Google Books: time for a rethink?
Sponsored Content
-
Take the internet to new places with the Nokia N800
Communicate how you want to, where you want to with instant messaging, email and internet calling. View movies, browse the internet wirelessly and watch TV on the high-resolution screen and listen through high-quality stereo speakers with headphone jack.
Buy now
Latest technology news:
Sponsored links
-
New - BlackBerry Advisor
Get hands-on with our exclusive Virtual BlackBerry handset and check out the latest reviews of BlackBerry smartphones and software. -
Crucial Memory Upgrades
Go to Crucial.com and use either our Memory Advisor Tool or System Scanner to find a 100% compatible memory upgrade for your system, from the Best Memory Manufacturer of 2008! We offer free delivery, free technical support, and lifetime warranty. -
Award-winning Spyware Doctor with AntiVirus 2010
delivers powerful antivirus and antispyware protection using layered technologies to defend your PC. Download now for a free scan! Discover how our award-winning ThreatFire™ Behavioural Intelligence blocks new threats faster than traditional signature methods. -
PC Advisor Smartphone Focus
Latest news and resources on how smartphones are facilitating mobile and flexible working in the enterprise. Find out more and join the discussion here. -
Custom built PCs
Visit our website to see our full range of custom-built PCs. Customise any specification and have the order dispatched the next working day. A massive range of PCs - from £250 to £1,000-plus - and a full list of low-cost components are available. -
Free whitepaper
Legal risks of uncontrolled email and web use. -
Free whitepaper
Is social networking really bad for business? -
Free whitepaper
Phishing for victims: Truth, myth and cybercrime. -
Free whitepaper
Threat predictions, messaging security issues and trends for 2010. -
Free whitepaper
Email archiving: Top 10 myths and challenges. -
Free whitepaper
Managing email: Exploring common email management challenges (and how to overcome them).
About PC Advisor | Privacy policy | Media information | Site map | Contact | About IDG
All contents ©IDG 2010 | webmaster@pcadvisor.co.uk
Comments received
A Elliott said on Thursday, 26 November 2009
Dont know if anyone eles is having any trouble but since going over to windows 7 my internet explorer 8 plays up big time' so much so i'm using firefox! anyone having trouble with thir ie8?
Cliff said on Wednesday, 02 December 2009
To A Elliott I say. "Stay with Firefox" Microsoft recently admitted that IE8 was a generation behind Firefox. Which I suppose they are hoping to rectify
with IE9.