Print 65 comment(s) - last by MrPoletski.. on Dec 23 at 9:12 AM

A new security flaw discovered in Microsoft's Internet Explorer has the company and its customers losing much sleep

News broke in the security world earlier this week that a critical vulnerability had been found in Microsoft's Internet Explorer 7.  The vulnerability could be used to take over computers and is known to be currently being used to steal passwords.

Rick Ferguson, a senior security adviser at security firm Trend Micro says thus far the hole has only been exploited to steal online game passwords, but the attacks could become much more serious for unpatched users.  He states, "It is inevitable that it will be adapted by criminals. It's just a question of modifying the payload the trojan installs."

The seriousness of the flaw was evidenced by Microsoft's rather public announcement of the vulnerability and panicked rush to develop a patch.  So-called "out-of-band" announcements from Microsoft are rare. 

In this case it made such an announcement, stating in a press release, "Microsoft teams worldwide have been working around the clock to develop a security update to help protect our customers.  Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available."

Microsoft has announced that it will have a patch for the vulnerability by 1800 GMT on 17 December, available via Windows Update.

Some experts have suggested that corporate and private users switch browsers, to an alternative such as Firefox, Opera, or Chrome until the security flaw is patched on affected systems.  Only Microsoft Internet Explorer 7 is vulnerable to this latest attack.

However, some security experts are cautioning that a switch may be equally problematic.  Says Graham Cluley, senior consultant with security firm Sophos, "Firefox has issued patches and Apple has too. Whichever browser you are using you have to keep it up to date.  People have to be prepared and willing to install security updates. That nagging screen asking if you want to update should not be ignored."

The report ironically follows fast on a report that Firefox is a dangerously vulnerable application for businesses.  Apple's Safari has also been blasted within the last year for poor security and patching

Even the security of major open source software, not a popular target for hackers who heavily use such software, was recently brought into question when a major encryption scheme was found to be broken.  All of these instances illustrating the growing challenge of computer security, the difficulty with being a market leader (and thus a mark), and need for diligence when it comes to patches and updates.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Bit late?
By TomZ on 12/17/2008 1:48:21 PM , Rating: 2
I agree - and I throught it was odd to talk about "experts" suggesting to install other browsers in the meantime. I mean, what kind of advice is that, considering Microsoft planned a release for later the same day ?!?

Downloading and installing a different browser instead of just waiting a few hours and running Windows Update is pretty silly. Or better yet, run it now (as I did) and find out that the update is already available.

RE: Bit late?
By mars777 on 12/17/2008 10:49:04 PM , Rating: 2
It really isn't the same day. God know for how long this was misused until somebody out of MS found it. It was reported yesterday and MS plans to do a patch for tomorrow.

That's the caveat of closed source. You never know for how long something was misused. It could have been misused from day one of IE7 because nobody reported it and nobody could have reviewed IE7 code to ensure it is safe. Surely the first finder of the bug did not report it but rather chose to exploit :)

RE: Bit late?
By Quiescent on 12/17/2008 10:54:39 PM , Rating: 3
I have been telling my mother since day 1 to use another browser. She didn't listen to me until last night. I had Firefox installed on her computer, and now she's finally using it. I would have her use Google Chrome, but she needs addons for Firefox. I don't need them too much.

RE: Bit late?
By Quiescent on 12/18/2008 1:08:54 PM , Rating: 2
Oh yeah, but get this: I got my stubborn dad to use Firefox since the day I requested that he did. I put it on his business computer and told him that since he doesn't have AV software currently, that he is safer using Firefox than IE. However, for some reason I am more apt to convince my dad about using software now that my boyfriend has built his business computer and he seems to like computers now that he doesn't have to deal with a crappy eMachine. He doesn't listen to my step mother anymore, just my boyfriend and I.

But I suppose I finally got someone who is stubborn with computers to use a different browser, so this issue with IE has made it possible for me to show my mother the benifits of firefox, but I do hope she doesn't go crazy on the addons and themes, lol.

"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Laptop or Tablet - Which Do You Prefer?
September 20, 2016, 6:32 AM
Update: Samsung Exchange Program Now in Progress
September 20, 2016, 5:30 AM
Smartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki