Internet Explorer vulnerable on Windows 7

happygeek 0 Tallied Votes 1K Views Share

So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened that resulted in the hack attack on Google and many others that has received such publicity this week.

According to McAfee it has identified an Internet Explorer vulnerability as being one of the attack vectors but the security vendor also warns that targeted attacks such as this often use "a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios" so it is possible, likely even, that other as yet unidentified attack vectors were also involved. However, McAfee dismisses some early reports which claimed that an Adobe Reader PDF vulnerability was a factor, stating that there is simply no evidence to suggest this to be the case.

Worryingly though, McAfee does insist that while "this attack is especially deadly on older systems that are running XP and Internet Explorer 6" and this was the focus of these recent attacks, Internet Explorer does remain "vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7". McAfee says that new versions of Windows simply make exploiting the vulnerability harder, not impossible.

It becomes even more worrying when you appreciate that the code used in the Google attack to exploit the as yet unpatched vulnerability has now been published on the web for anyone to grab and make use of. Unlike some other news publications, DaniWeb will not be making things easier yet by linking to the website concerned.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

A 'Microsoft Spokesperson' has just contacted me to say this in response to the Internet Explorer vulnerability news:

Microsoft is aware of public exploit code released that impacts customers using Internet Explorer 6 and of limited, targeted attacks attempting to use this vulnerability against Internet Explorer (IE) 6. As a result of the reports, we released an update to Security Advisory 979352 to alert customers and provide actionable guidance and tools to help with protections against exploit of this IE vulnerability:

Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8. To help protect our customers, we recommend that all customers immediately upgrade to Internet Explorer 8. Customers should also consider applying the workarounds and mitigations provided in our Security Advisory such as putting Internet zone security settings to High.

Microsoft teams are continuing to work around the clock on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing an out-of-cycle security update.

pitlin 0 Newbie Poster

For this I`d prefer firexof and chrome.

The Dude 944 Nearly a Senior Poster

All these things about IE6 all of a sudden seem a little bit suspicious to me,LIKE THEY ARE TRYING TO SCARE PEOPLE OFF OF IE6 AND GET THEM TO SOMETHING WHERE THEY HAVE MORE CONTROL!

Tcll 66 Posting Whiz in Training Featured Poster

while I do rate IE8 as the best IE for security (that I've used), I do agree with the MS-control.

I'm sure everyone remembers how much I've bamfed chrome, now I'm actually using it and rate it above Comodo IceDragon after having switched to linux. :P
http://tcll5850.proboards.com/thread/268/sincere-apology-google

though, there are rumors about google spying on everything...
I do believe this was removed in Dragon.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.