Network News

X My Profile
View More Activity

Microsoft Issues Warning About Unpatched IE Flaw

Microsoft Corp. on Wednesday warned users that virus writers have started exploiting a newly-discovered flaw in Internet Explorer for which the company has not issued a security patch. The company said users browsing the Web with IE could infect their computers with a Trojan horse if they visit certain Web sites that are known to be exploiting the flaw, though it didn't specify what those sites are.

This particular threat does not appear to be very serious, and indeed earned a "low" threat rating from Redmond. Still, it is possible this was something of a test run by hackers, and we may see more dangerous threats exploiting this flaw in the days and weeks ahead.

The SANS Internet Storm Center speculates about whether the emergence of this Trojan will prompt Microsoft to issue a patch outside of its monthly patch release cycle, the next installment of which isn't due until Dec. 13.

The warning about the IE flaw, coincidentally, came on the very day Microsoft began promoting its Microsoft Windows Live Safety Center, which includes the company's beta version of anti-virus software that scans computers directly from Microsoft's site. It is worth noting that the Microsoft Web posting examining the IE threat resembles malware alert and description pages regularly published by the major anti-virus companies.

It will be interesting to see whether Microsoft's entry into the virus-naming business will bring about more or less uniformity and saneness in identifying viruses and worms by a common name.

By Brian Krebs  |  December 1, 2005; 8:26 AM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Sony Rootkit Sleuth to Join Class Action Suit
Next: FBI Warns of E-Mail Scam Touting PayPal Class-Action Suit


"This particular threat does not appear to be very serious"

Not serious at all. Just that almost any Windows computer on earth can be silently compromised by a web link.

Posted by: Anonymous | December 1, 2005 10:56 AM | Report abuse

It would be remiss not to mention that the new version, 1.5, of Firefox has been released this week.

Posted by: Tim | December 1, 2005 11:10 AM | Report abuse

So, why didn't Microsoft issue the warning in May of 2005 when they were notified of the issue and the CVE was created for the issue??? Clicking a link to a web site that hosts code that will take over your machine and become a bot is a "low risk"?

I'd like to thank the Security Response Team at Microsoft for their fast response to this issue. They are really helping the consumers protect themselves. It's this innovative process that truely sets them apart from the rest of the software world.

The reality is that (IMHO) they didn't test it properly back in May and labeled it a DOS issue (less severe), and then dropped it into the "we'll get around to it" bin. Now that it's a 'real' issue they jump on it and 'announce' that they are protecting the consumer ad infinitem.

Posted by: David | December 1, 2005 11:38 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company