Tweaking IE to prevent further attacks (for now)

zridling:
IE was allegedly used by hackers emanating from China. I've noticed the Chinese and Russians don't play nice online. Be interesting to see if Google really does walk away.



"Internet Explorer was one of the vectors" used in the attacks that Google disclosed earlier this week, Microsoft said in a statement. "To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6," the statement said. The vulnerability affects Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4, Microsoft said in an advisory on Thursday afternoon.

The hole exists as an invalid pointer reference within IE and it could allow an attacker to take control of a computer if the target were duped into clicking on a link in an e-mail or an instant message that led to a Web site hosting malware, Microsoft said. "It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems," Microsoft said in the statement.

Microsoft is working on a fix but could not say whether it would address the issue as part of its next Patch Tuesday scheduled for February 9 or before. Setting the IE Internet zone security setting to "high" will protect users from the vulnerability by prompting before running ActiveX Controls and Active Scripting, Microsoft said. Customers should also enable Data Execution Prevention (DEP), which helps mitigate online attacks, the company said. DEP is enabled by default in IE 8 but must be manually turned on in earlier versions.
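
The zone mitigation quoted above (prompting before ActiveX controls and Active Scripting run in the Internet zone), as an added example that is not part of the original post or of Microsoft's advisory: a Python audit of a `reg export` dump of the Internet zone key. The key path (Zones\3) and the URL action IDs 1200 and 1400 are standard Windows values not given on the page, and the sample exports are constructed.

```python
import re

# URL action IDs stored under each zone key; zone 3 is the Internet zone.
ACTIONS = {"1200": "Run ActiveX controls and plug-ins", "1400": "Active scripting"}
# Policy values: 0 = enable, 1 = prompt, 3 = disable.
ZONE3 = r"\internet settings\zones\3"

# Constructed sample exports (decoded text of a `reg export` file).
SAMPLE_WEAK = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000000
"1400"=dword:00000000
'''
SAMPLE_PROMPT = SAMPLE_WEAK.replace("dword:00000000", "dword:00000001")

def parse_reg(text):
    """Parse export text into {lowercased key path: {value name: int}} (dwords only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit_internet_zone(text):
    """List the actions that would run without a prompt in the Internet zone."""
    findings = []
    for path, values in parse_reg(text).items():
        if not path.endswith(ZONE3):
            continue
        for action, label in ACTIONS.items():
            setting = values.get(action)
            if setting is None:
                # Value absent from this hive: the effective setting comes from elsewhere.
                findings.append(f"{label} ({action}): not set in this key")
            elif setting == 0:
                findings.append(f"{label} ({action}): enabled without prompt")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("prompt", SAMPLE_PROMPT)):
        print(name, audit_internet_zone(sample) or "OK")
```

Files written by `reg export` are UTF-16, so decode them with that encoding before passing the text in.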

Stoic Joker:
So all the Email I've been receiving from hot Russian girls wanting to meet me weren't real...  :D

I'd been wondering what that was all about.

lanux128:
Firefox + NoScript, nuff said. :)

Stoic Joker:
--- Quote from: lanux128 (January 15, 2010, 08:11 PM) ---
Firefox + NoScript, nuff said. :)
--- End quote ---
Firefox has had its share of issues in the past ... everyone gets a turn.

From the article: if the target were duped into clicking on a link in an e-mail or an instant message that led to a Web site hosting malware.
--- End quote ---
Once again, this is more of a social engineering exploit, which simply proves that the only really effective form of security is Common Sense (which I parodied earlier).

I've been using IE for years to (at times) surf some of the darkest alleys of the web...and never had an issue. ...It's simply a matter of Defensive Driving on the Information Highway.

f0dder:
Stoic Joker: still, from what I see the exploit only requires you to visit a malicious site, not to manually run any .exe, .pdf, whatever. Hack one banner server and insert the exploit... *b00m*. It's also a bit scary how many versions of IE it affects... 6->8?
