Big Security Hole in All IE Versions
On Wednesday, Security Fix warned readers about a newly-discovered security hole in Internet Explorer 7. I'm posting this again because Microsoft now says the flaw affects all supported versions of IE, and because security experts are warning that a large number of sites are being compromised in an effort to exploit this vulnerability and install malware on vulnerable systems.
The SANS Internet Storm Center reports that hackers are breaking into legitimate Web sites and uploading code that could install data-stealing software on the machine of a user who visits the site using Internet Explorer. SANS's chief technology officer Johannes Ullrich estimates that thousands of sites have been seeded with this exploit to date.
For example, Web security firm Websense reports that hackers have compromised the Chinese Web site for ABIT, the maker of motherboards that power many home computers. So far, the exploits appear to be only stealing online gaming credentials, but SANS and others warn that attackers will likely use this exploit more deftly in the coming days and weeks.
According to Microsoft's revised security advisory, this flaw is present in every version of IE in use today, from IE5 all the way through to IE8 Beta 2.
more.....http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html
On Wednesday, Security Fix warned readers about a newly-discovered security hole in Internet Explorer 7. I'm posting this again because Microsoft now says the flaw affects all supported versions of IE, and because security experts are warning that a large number of sites are being compromised in an effort to exploit this vulnerability and install malware on vulnerable systems.
The SANS Internet Storm Center reports that hackers are breaking into legitimate Web sites and uploading code that could install data-stealing software on the machine of a user who visits the site using Internet Explorer. SANS's chief technology officer Johannes Ullrich estimates that thousands of sites have been seeded with this exploit to date.
For example, Web security firm Websense reports that hackers have compromised the Chinese Web site for ABIT, the maker of motherboards that power many home computers. So far, the exploits appear to be only stealing online gaming credentials, but SANS and others warn that attackers will likely use this exploit more deftly in the coming days and weeks.
According to Microsoft's revised security advisory, this flaw is present in every version of IE in use today, from IE5 all the way through to IE8 Beta 2.
more.....http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_security_hole_in.html
Last edited:
