Another critical and unpatched Internet Explorer security hole
Warnings appeared today of a critical security hole in Internet Explorer. Apparently, Microsoft has been aware of the problem for some time but has issued no patch because they assumed that it was limited to DDoS (Distributed Denial of Service) attacks. However, Secunia reports:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.
And Secunia adds:
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2, and Internet Explorer 6.0 and Microsoft Windows 2000 SP4.
ZDNet reports today that
The exploit code, made public Monday, aims to take advantage of the “extremely critical” vulnerabilities in IE 5.5 and IE 6 running on XP Service Pack 2 (SP2), and IE 6 running on Windows 2000 SP4, security researcher Secunia said in an advisory.
Once a PC user is tricked into visiting a malicious Web site, the exploit can be triggered automatically, without the user doing anything.
“An attacker could use the exploit to run any code they want to on a person’s system,” said Thomas Kristensen, Secunia’s chief technology officer. “It could be they want to launch some really nasty code on a user’s system.”
Regular users of IE should be very careful about which sites they go to. Until a patch is issued, the only defense is to disable Active Scripting. Details on how to change IE settings can be found at http://surfthenetsafely.com/surfsafely6.htm. Or you could just use Firefox, Opera, or another browser.
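To check whether Active Scripting is really off, here is an added example (not from Secunia, ZDNet or the linked guide) that reads the per-zone setting from the current user's registry hive and can switch it to disabled. It assumes PowerShell 3 or later; the function names are made up for this example, and a Group Policy setting can override the per-user values shown.

```powershell
# Added example: audit (and optionally disable) Active Scripting per IE security zone.
# URL action 1400 is "Active scripting"; data 0 = enable, 1 = prompt, 3 = disable.
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$Meaning   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Hypothetical helper: report the Active Scripting state of every zone.
function Get-ActiveScriptingState {
    foreach ($zone in 0..4) {
        $path  = Join-Path $ZonesKey $zone
        $value = (Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue).'1400'
        $state = if ($null -eq $value) { 'Not set (default applies)' }
                 elseif ($Meaning.ContainsKey([int]$value)) { $Meaning[[int]$value] }
                 else { "Unknown ($value)" }
        [pscustomobject]@{ Zone = $zone; Name = $ZoneNames[$zone]; Raw = $value; State = $state }
    }
}

# Hypothetical helper: set Active Scripting to "disable" for the given zones
# (the Internet zone, 3, unless told otherwise). Affects the current user only.
function Disable-ActiveScripting {
    param([int[]]$Zone = @(3))
    foreach ($z in $Zone) {
        $path = Join-Path $ZonesKey $z
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name '1400' -Value 3 -Type DWord
    }
}

Get-ActiveScriptingState | Format-Table -AutoSize

# Flag any zone other than "My Computer" where scripts still run without a prompt.
Get-ActiveScriptingState |
    Where-Object { $_.Zone -ne 0 -and $_.State -eq 'Enabled' } |
    ForEach-Object { Write-Warning "Active Scripting is enabled in zone $($_.Zone) ($($_.Name))" }

# Disable-ActiveScripting -Zone 3   # uncomment to apply to the Internet zone
```

Restart Internet Explorer after changing the value so the new zone setting is picked up.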