Vulnerability In Internet Explorer Could Allow Remote Code Execution

[klikster]

http://www.microsoft.com/technet/security/...ory/961051.mspx

http://blogs.pcmag.com/securitywatch/2008/...lnerable_to.php

[george]

Nasty one.

Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

At this time, we are aware only of limited attacks that attempt to use this vulnerability. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.

technet has published some "workaround" steps:

http://blogs.technet.com/swi/archive/2008/...E-advisory.aspx

[nikster]

Microsoft sees 'huge increase' in IE attacks

Sounds pretty bad. However, there is a very easy fix - get Firefox.

I am not sure this is related, but I was browsing several hotel websites (e.g. the websites the hotels themselves maintain, not hotels.com) and got security warnings that these contain malicious code. I was looking at several nice boutique hotels in Chiang Mai and got the warning on three of them. I am on Mac/Safari so I ignored them. But for the love of God, stop using IE, people

PS: Beware that AV programs do not protect against these exploits.

Edited December 15, 2008 by nikster

[kiakaha]

ever since i stopped using Explorer many years ago , i have had ZERO infections of any kind on my PC.

Says a lot.