OT: MICROSLOP IE FULL OF NEW HOLES (all versions)

Hey Gang,

An article about this was posted all over all the news services, plastered
front page, security pros suggesting to abandon IE for now and go to any
thing else for the time being as MS workarounds did not work in most cases
and a patch is a long way off. This was the headline story about this
vulnerability warning people to change browsers ASAP... for all of about 3
hours and now it is buried. Don't know how accurate this is, because a
company would have to be mighty powerful to make the kind of warnings they
were giving to disappear in a matter of a few hours........

Yez rolls the dices and youse take yer chances...--og




Microsoft issuing emergency fix for browser flaw (AP)

Posted on Tue Dec 16, 2008 4:20PM EST

REDMOND, Wash. - Microsoft Corp. is taking the unusual step of issuing an
emergency fix for a security hole in its Internet Explorer software that has
exposed millions of users to having their computers taken over by hackers.

The "zero-day" vulnerability, which came to light last week, allows
criminals to take over victims' machines simply by steering them to infected
Web sites; users don't have to download anything for their computers to get
infected, which makes the flaw in Internet Explorer's programming code so
dangerous. Internet Explorer is the world's most widely used Web browser.

Microsoft said it plans to ship a security update, rated "critical," for the
browser on Wednesday. People with the Windows Update feature activated on
their computers will get the patch automatically.

Thousands of Web sites already have been compromised by criminals looking to
exploit the flaw. The bad guys have loaded malicious code onto those sites
that automatically infect visitors' machines if they're using Internet
Explorer and haven't employed a complicated series of workarounds that
Microsoft has suggested.

Microsoft said it has seen attacks targeting the flaw only in Internet
Explorer 7, the most widely used version, but has cautioned that all other
current editions of the browser are vulnerable.

Microsoft rarely issues security fixes for its software outside of its
regular monthly updates. The company last did it in October, and a year and
half before that.


.

Relevant Pages

  • Re: Please help with pop-ups!!
    ... Sometimes I'm not on the internet ... A1) No. Microsoft NEVER sends emails with security update attachments. ... pages where you can access Windows Update, download patches, or request ...
    (microsoft.public.security)
  • Microsoft Releases Security Update
    ... Microsoft Releases Security Update ... interim security update Friday to protect users of its ... attacks to cripple the Internet. ...
    (microsoft.public.security)
  • RE: ConnectComputer - Permission Denied
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... >> This issue is probably a security problem that the ConnectComputer ... In IE, go to Tools, Internet Options, Security. ...
    (microsoft.public.windows.server.sbs)
  • Microsoft Plugs IE; Report Warns All Browsers At Risk
    ... Microsoft Plugs IE; Report Warns All Browsers At Risk ... As if to prove the point that security is like the Dutch boy at the ... but rather an change to Windows that disables the ADODB.Stream ... content of a site displayed in the browser. ...
    (sci.med.transcription)
  • RE: Home Page Format Changed (Msnbc.msn.com)
    ... It is possible that your browser is accessing the page directly from your ... Every time you log on to the Internet, ... Reconfigure your Security Settings ...
    (microsoft.public.windowsupdate)