New Exploit for Unpatched IE Flaw
On Friday, Security Fix warned readers about an unpatched flaw in Microsoft's Internet Explorer Web browser that could let attackers take over your computer if you visit a malicious or hacked Web site. I'm blogging about it again to let readers know that at least two sets of programming instructions have been released that hackers can use to exploit the flaw to install whatever they want on vulnerable PCs.
In addition, I failed to mention in my first post that this flaw represents a serious security threat even for IE users who are otherwise following the basic security practices -- using a firewall, applying Microsoft patches, and staying current on the latest anti-virus software updates.
First off, there is no patch available yet from Microsoft to fix this problem. Second, because this is a browser flaw -- and browser Web traffic is configured by default in most firewalls to be allowed to pass in and out of the user's computer without interference -- even IE users who have properly configured a firewall are at risk. Third, many of today's virus threats disable anti-virus protection as the first order of business on a newly infected PC.
For those readers who insist on using Internet Explorer before a patch for this problem is made available, I would highly recommend following Microsoft's instructions on how to minimize the threat from this flaw (click on the "Workarounds" tab) -- however complex they may be.
On this last piece of advice, I note with interest that the US Computer Emergency Readiness Team (US-CERT) -- the division of the Department of Homeland Security tasked with helping to educate businesses and consumers about staying safe online -- says nothing about using a different browser in its alert on this vulnerability.
Posted by: Matt | July 5, 2005 5:38 PM | Report abuse
Posted by: Matt | July 5, 2005 5:42 PM | Report abuse
Posted by: Alex | July 5, 2005 6:16 PM | Report abuse
The comments to this entry are closed.