 sj |
||
|
||
Tech: NEW ALERT Serious security flaw in IE
|
|
|
|||||||
|
Tech: NEW ALERT Serious security flaw in IE |
Share Thread
|
||||||
|
Subject: NEW ALERT Serious security flaw in IE From: GUEST,punkfolkrocker Date: 16 Dec 08 - 06:56 AM latest from BBC news this morning: http://news.bbc.co.uk/1/low/technology/7784908.stm "Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed. The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. " I've scanned forum quick in case of duplication before posting this, but could not find any prior notice. If this is already posted here somewhere delete as apropriate.... I've just downloaded 8 Microsoft updates, but am obviously not too certain if there are more to follow in next few days..!!?? |
|
Subject: RE: NEW ALERT Serious security flaw in IE From: treewind Date: 16 Dec 08 - 07:14 AM More details at The Register. The problem's been known about for a week or two, but exploits are on the increase. Anahata (Posting relatively safely through Google Chrome) |
|
Subject: RE: NEW ALERT Serious security flaw in IE From: Rasener Date: 16 Dec 08 - 08:21 AM Ive got google chrome as my back up browser. Maybe I will switch for a while. |
|
Subject: RE: NEW ALERT Serious security flaw in IE From: alex s Date: 16 Dec 08 - 08:28 AM It's real all right. I use Mozilla Firefox. |
|
Subject: RE: NEW ALERT Serious security flaw in IE From: JohnInKansas Date: 16 Dec 08 - 09:42 AM There's little info on just how serious a threat this is to most of us likely to be here. It appears that nearly all attacks have been in China, Taiwan, and other Asian areas, but of course reports are that it has been "growing" quite rapidly. Reports indicate that a server in Taiwan has been the most prolific "propagator." A couple of reports have indicated that the "payload" downloaded by all known successful exploits is aimed at finding "access codes" for game programs, but it is warned that other exploits could appear. McAfee, and others, indicate that the payload signature seen thus far is blocked/removed by their AV programs, and that the actual trojan being used in the exploits thus far seen is several years old (ca. 2005). Most sites offering this assurance add the obligatory warning that new payloads could use the exploit. Microsoft suggests that if you're concerned you should set security in IE to High (Tools|Internet Options, Security Tab, in Internet Zone push the slider all the way to the top. You should also be sure that there's a check in the box for "Enable Protected Mode"). Setting the security level to high may give you lots of warnings and requests for permissions on some sites, but you can eliminate those for sites you really trust by adding them to the "Trusted Sites" list (Tools|Internet Options|Privacy tab, Sites button). IF YOU SET THE SECURITY LEVEL UP to maximum, you'll want to add two Microsoft sites to the trusted list or you won't get updates: *.windowsupdate.microsoft.com and *.update.microsoft.com (Both of these will appear with "Always Allow" in the sites box as microsoft.com, but you're advised to add them each separately, as indicated, by the Microsoft IT bulletin.) The security setting is indicated by Microsoft as "mitigating" the threat, but is not a full prevention. Several alternative "other actions" are described, but I'm not sure that the descriptions are likely to be sufficiently clear for many users to implement them easily, or to turn them off if/when they're no longer needed. Warnings of "reduced functionality" come with each of the alternatives. It appears that the threat is currently fairly minimal for those with good AV and a good firewall; but nobody - that I've found thus far - really is willing to give much of an assurance on that. If there's a real concern, you can take a look at the KB article for Users and/or the advisory for IT professionals. It is indicated that any one of the alternate methods is sufficient, but (IMO) most users will have difficulty deciding which to use, and as yet there is little real guidance for the non-professional user like most of us. A significant vulnerability, but with fewer known exploits at the time of the notes, was reported for Firefox about the middle of last week, and I've seen no reports of a patch issued for it either. (As I don't use it, I might have missed the solution.) If you decide to use it instead of IE, checking for latest version and updates would be a good idea, perhaps. John |
|
Subject: RE: NEW ALERT Serious security flaw in IE From: GUEST Date: 16 Dec 08 - 10:08 AM Linux with Firefox is the answer and they're both free!!! Peace, Ed |
|
Subject: RE: NEW ALERT Serious security flaw in IE From: JohnInKansas Date: 16 Dec 08 - 05:47 PM MSNBC has just posted an announcement that Microsoft will begin distributing a patch for this vulnerability on Wednesday (tomorrow) as an out of sequence emergency update. Windows users receiving automatic updates should get it without any requirement to take any action - if you can avoid infection for another day or so. Note: I haven't confirmed the distribution directly from any of the Microsoft security sites, but the MSNBC news should be reliable. John |
| Share Thread: |