lonelywombat
December 17th, 2008, 18:25
There are many here living in LOS or interested in LOS that use IE. This is vital info for you
Microsoft fast tracks emergency patch to plug critical security hole
Microsoft will release an emergency patch later today to fix a perilous software flaw allowing hackers to hijack Internet Explorer browsers and take over computers.
The US software giant said on Tuesday that in response to "the threat to customers" it immediately mobilized security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days."
According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world's most popular web browser are spreading "like wildfire" with millions of computers already compromised.
The "zero-day" vulnerability, which came to light last week, allows criminals to take over victims' machines simply by steering them to infected websites; users don't have to download anything for their computers to get infected, which makes the flaw in Internet Explorer's programming code so dangerous.
Microsoft said it plans to ship a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.
"When the patch is released people should run, not walk, to get it installed," said Trend Micro advanced threat researcher Paul Ferguson.
"This vulnerability is being actively exploited by cyber-criminals and getting worse every day."
Trend Micro has identified about 10,000 websites that have been infected with malicious software that can be surreptitiously slipped into visitors' unprotected IE browsers to take advantage of the flaw.
A major Internet portal in Taiwan is among the legitimate websites unknowingly tainted with malicious software aimed at IE's weak spot, according to Ferguson.
Microsoft said it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.
Microsoft rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that.
The "exploit" is similar to one used recently to steal user names, passwords and other information from people playing online games in China, according to Trend Micro.
A Chinese computer security firm that had discovered attacks taking advantage of the IE flaw released details last week after evidently thinking Microsoft had fixed the problem with routinely released software patches.
"It spread like wildfire from there," Ferguson said. "I guess they were trying to be responsible and share what they knew about what was going on, but they were mistaken about it being patched.
Microsoft fast tracks emergency patch to plug critical security hole
Microsoft will release an emergency patch later today to fix a perilous software flaw allowing hackers to hijack Internet Explorer browsers and take over computers.
The US software giant said on Tuesday that in response to "the threat to customers" it immediately mobilized security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days."
According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world's most popular web browser are spreading "like wildfire" with millions of computers already compromised.
The "zero-day" vulnerability, which came to light last week, allows criminals to take over victims' machines simply by steering them to infected websites; users don't have to download anything for their computers to get infected, which makes the flaw in Internet Explorer's programming code so dangerous.
Microsoft said it plans to ship a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.
"When the patch is released people should run, not walk, to get it installed," said Trend Micro advanced threat researcher Paul Ferguson.
"This vulnerability is being actively exploited by cyber-criminals and getting worse every day."
Trend Micro has identified about 10,000 websites that have been infected with malicious software that can be surreptitiously slipped into visitors' unprotected IE browsers to take advantage of the flaw.
A major Internet portal in Taiwan is among the legitimate websites unknowingly tainted with malicious software aimed at IE's weak spot, according to Ferguson.
Microsoft said it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.
Microsoft rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that.
The "exploit" is similar to one used recently to steal user names, passwords and other information from people playing online games in China, according to Trend Micro.
A Chinese computer security firm that had discovered attacks taking advantage of the IE flaw released details last week after evidently thinking Microsoft had fixed the problem with routinely released software patches.
"It spread like wildfire from there," Ferguson said. "I guess they were trying to be responsible and share what they knew about what was going on, but they were mistaken about it being patched.