Exploit for Unpatched IE Flaw Released
Researchers have released computer code demonstrating how to exploit a previously unknown security hole in Microsoft's Internet Explorer Web browser to take over Windows computers.
The exploit could be embedded into a malicious Web site so that users who the browse the site with IE could quickly find their computer under the control of the site owner. For example, the site could use the exploit to force the victim's computer to initiate a file transfer or download.
Assuming this code works, I'm afraid that we will very soon see Web sites using it to install spyware, adware or viruses on visiting PCs. Until Microsoft issues some sort of workaround or patch, I would recommend anyone using IE to switch browsers. Now would be an excellent time to give another browser a whirl, such as Firefox, Opera or Netscape.
Security Fix will post updates if we hear from Microsoft on this threat or if anyone spots the exploit being used in the wild.
Update, 3:24 p.m., ET: Microsoft says it is investigating reports of a vulnerability in IE for customers running Windows 2000 Service Pack 4, and for Windows XP users running Service Pack 2. Microsoft said customers running Windows Server 2003 and Windows Server 2003 SP1 in their default configurations, with the Enhanced Security Configuration turned on are not affected.
Posted by: David Taylor | November 21, 2005 10:53 AM | Report abuse
Posted by: Bk | November 21, 2005 10:56 AM | Report abuse
Posted by: Barry 'cueball' White | November 21, 2005 12:19 PM | Report abuse
Posted by: Joseph | November 21, 2005 1:11 PM | Report abuse
Posted by: corbett | November 21, 2005 1:19 PM | Report abuse
Posted by: David Taylor | November 22, 2005 6:25 AM | Report abuse
Posted by: js | November 22, 2005 8:17 AM | Report abuse
Posted by: Joe | November 22, 2005 12:40 PM | Report abuse
Posted by: Joe | November 22, 2005 12:41 PM | Report abuse
Posted by: willie | November 28, 2005 5:08 PM | Report abuse
The comments to this entry are closed.