Network News

X My Profile
View More Activity

Another Critical IE Flaw Found

Security researchers are pointing out a newly reported security hole in Microsoft's Internet Explorer Web browser that  attackers could use to assume control over Windows PCs just by convincing users to visit a specially crafted Web page.

Researcher Tom Ferris brought the matter to Microsoft's attention Aug. 14. Ferris says the flaw can definitely be used to crash IE, and almost certainly can be exploited to take over vulnerable Windows machines.

According to an advisory posted by French security group FrSirt -- a.ka. "K-OTik" -- the flaw is present in virtually every version of Internet Explorer.

A Microsoft spokesperson said the company is not aware of any Windows users being attacked as a result of the flaw, and that Microsoft is "aggressively investigating the report. Upon completion of this investigation, Microsoft will of course take the appropriate action to help protect our customers.  This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

One simple way to avoid worrying about this vulnerability is just to use another browser, such as Firefox, Opera or Netscape.

Opera is free if you want to view small ads in the upper corner of the browser, though you can pay a small fee and register the product if you want those ads to go away. But today, however, Opera is celebrating its 10th birthday, and is offering a free registration code for the full (no ads) version of the browser for anyone who visits their site and clicks on the "Go Free Now" button and enters their e-mail address (which it doesn't appear to verify). I can't seem to find anywhere on the site that says how long this offer is going to last, so if you are interested, you probably shouldn't delay. The site is a bit slow as of this writing, so I'm guessing a lot of people are jumping at the offer.

By Brian Krebs  |  August 30, 2005; 2:02 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Hurricane Katrina Breaks Internet2 Link, But Performance Not Affected
Next: Zeroing In on Mytob-Zotob Crime Ring

Comments

I've been using Firefox for more than year and have loved it. No ads, btw--I was surprised to read that Opera included on-screen ads. Firefox works perfectly with Roboform Pro, my indispensible form filler. Since Firefox is free, I'm surprised that only 75,000,000 people use it so far.

Posted by: LeisureGuy | August 30, 2005 3:31 PM | Report abuse

Microsoft is a monopoly and doesn't give a damn. Why can't I email this to someone? I have a friend that lives in NYC and is an IT proffessional. He could use the date.

Frustrated,
Bob Lawrence

Posted by: Bob Lawrence | August 30, 2005 4:26 PM | Report abuse

Actually, it's now past 84 million: http://feeds.spreadfirefox.com/downloads/firefox.xml

Posted by: Andrew | August 30, 2005 5:14 PM | Report abuse

Firefox has had more patches In 2005 than any other browser.

Secunia Security Advisories

Firefox
2005 - 17 Secunia Advisories
http://secunia.com/product/4227/?period=2005#statistics

Opera
2005 - 6 Secunia Advisories
http://secunia.com/product/4932/?period=2005#statistics

Internet Explorer
2005 - 11 Secunia Advisories
http://secunia.com/product/11/?period=2005#statistics


Firefox's Market Share Slips; IE Rises
http://www.internetweek.com/news/168601335

Posted by: Tim | August 30, 2005 7:36 PM | Report abuse


Hello,

You made a mistake [a.ka. "K-OTic"] would be [a.ka. "K-OTik"] (ends with a "k" not a "c")

Posted by: Alex Popov | August 31, 2005 7:11 AM | Report abuse

Thanks, Alex, I've fixed.

Posted by: Bk | August 31, 2005 9:27 AM | Report abuse

What is this a Security Flaw notice or an advertisement for Firefox? Letting people know of a flaw and how to repair it is the basic information I want to read here. Telling people the sky is falling and telling them they will be "all better" going to another browser is just irresponsible writing.

Posted by: John Jones | August 31, 2005 12:47 PM | Report abuse

The number of Secunia advisories for each browser is not important. What IS important is the number of UNPATCHED advisories:

Internet Explorer - 31
Firefox - 4
Opera - 0

(Manual count of advisories posted at Secunia website.)

Why would anyone concerned about security use IE?

Posted by: Terry | August 31, 2005 1:52 PM | Report abuse

I discovered Firefox back in December, just after going on line for the first time ever mainly because I am a messer and am not satisfied with what is provided and enjoy trying different things, but now it is the browser for me and I am sticking with it.
All the best.

Posted by: Sarah L. | August 31, 2005 3:00 PM | Report abuse

"Telling people the sky is falling and telling them they will be 'all better' going to another browser is just irresponsible writing" -- Posted by: John Jones | Aug 31, 2005 12:47:13 PM

whenever we see a comment like John Jones', we assume he works for Microsoft... Microsoft is known to cruise the net looking for negative comments about its products and having one of their goons respond...

for higher end products like Windows/XP vs. Linux, Microsoft hires high-end tech research firms to write bs articles about TCO -- Total Cost of Ownership; i've lost total respect for some of these sell-out orgs

well, Mr. John Jones... Brian Krebs is in the same irresponsible group as the Wall Street Journal and other major media outlets (print and electronic) who have figured out that the IE sky really is falling and the fastest security fix is to dump it and go with Firefox

(btw, just a funny coincidence that John Jones and Bill Gates have the same number of letters in their names and the same pattern of consonants and vowels :)

Posted by: D.Simms | September 1, 2005 7:27 AM | Report abuse

Believe me that every time we see a new critical vulnerability and/or exploit announced/released ahead of a patch that would fix the problem, we always have an internal discussion about whether it is the right thing to do to call attention to the issue. In most cases, the answer is yes.

The whole point of this blog is to help regular internet users stay safe online, and a big part of that process is awareness. Right now there is a fair argument to be made that given the focus of attacks on IE that users may be safer using another browser. I don't see it as my job to take one position or the other in that debate, but merely to provide people with information so that they can make their own informed decisions.

Posted by: Brian Krebs | September 2, 2005 11:56 AM | Report abuse

What is this a Security Flaw notice or an advertisement for Firefox? Letting people know of a flaw and how to repair it is the basic information I want to read here. Telling people the sky is falling and telling them they will be "all better" going to another browser is just irresponsible writing.

Posted by: Marry | January 2, 2006 4:46 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company