New IE Security Flaw Called 'extremely Critical'

[george]

Danish security company Secunia has upgraded a security warning on a flaw in Internet Explorer 6.0, to "extremely critical".

The flaw allows malicious code to be loaded onto the machines of Windows XP users, even though they may have installed the XP Service Pack 2 security software.

It opens a machine to hackers even though a user has not completed any action - they simply have to visit a web page containing the rogue code.

Nathan Mercer, technology specialist at Microsoft New Zealand, confirmed that three patches will be released tomorrow morning, NZ time. However, Mercer was unable to say whether the patches cover the Internet Explorer-related issues reported by Secunia.

Check if your computer is vulnerable here:

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

http://secunia.com/internet_explorer_comma...erability_test/

[davethailand]

I am vulnerable

[george]

Mee too.

[Insight]

Just had a bit of a giggle at the short-but-sweet "Solution" in their advisory

[francois]

hi'

I'm not, both Firefox 1.0 and Netscape 7.2 simply don't react to the click.

javascript.start(): ...

feeling good

francois

[RDN]

hi' 

I'm not, both Firefox 1.0 and Netscape 7.2 simply don't react to the click.

javascript.start():  ...

feeling good

francois

<{POST_SNAPBACK}>

Ditto - then I ran IE and the result was "You are vulnerable"

Glad these guys don't go for Firefox. Yet

[george]

Danish security company Secunia has upgraded a security warning on a flaw in Internet Explorer 6.0, to "extremely critical".

The flaw allows malicious code to be loaded onto the machines of Windows XP users, even though they may have installed the XP Service Pack 2 security software.

It opens a machine to hackers even though a user has not completed any action - they simply have to visit a web page containing the rogue code.

Nathan Mercer, technology specialist at Microsoft New Zealand, confirmed that three patches will be released tomorrow morning, NZ time. However, Mercer was unable to say whether the patches cover the Internet Explorer-related issues reported by Secunia.

Check if your computer is vulnerable here:

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

http://secunia.com/internet_explorer_comma...erability_test/

I am ok now after getting the latest patch from Bill Gates. Phew!

[melus]

With Firefox 1.0 - not. With IE 6.0 - not. I have ActiveX disabled - but how?

[mrk]

hi' 

I'm not, both Firefox 1.0 and Netscape 7.2 simply don't react to the click.

javascript.start():  ...

feeling good

francois

<{POST_SNAPBACK}>

neither does IE

no auto updates enabled.

[george]

Just got Microsoft automatic update. Installed and rebooted. Not vulnerable any longer. &lt;deleted&gt; the hackers!

[Sunshine]

I never use Internet Explorer. Firefox is the way to go

[meadish_sweetball]

I would be vulnerable had it not been for Kerio Personal Firewall that intercepted the Command Prompt and asked me if I wanted to permit the action or not.

Brilliant firewall. I also use Firefox 99.5% of the time, and IE only when necessary because of site restrictions.

[chanchao]

In Fireofox no problem, of course.

In Windows I have ActiveX turned off. It asks me to turn it on is a page uses it. I would never turn it on if it was a dodgy site. (I.e. anything that's not one of the sites I regularly visit and trust, which is only a handful).

Even after clicking to allow ActiveX though, it came back saying that my security settings prevent me from running it.. So even with IE I would have been okay.

That said, even though I use only Firefox, I did run into some kind of adware that opens op web pages (in Firefox) of ad sites. Even worse: Ad sites that are made to look like an ad for something else. Like it would open 'hotjobs by Yahoo' (with their logo and style and everthing) but the link would point some place else.

I wish someone would make 'bringing these folks to justice' a priority.

[chanchao]

Cool, I run valid licensed windows!!!!!!!!!!!!!!!!!! Just tried the validation step.

The result is a surprise, given that my copy came from Mr. Happy's VCD & Game shop for 100 baht.

My confidence in Mr. Happy has been restored. Highly recommended.

[Insight]

I wish someone would make 'bringing these folks to justice' a priority.

<{POST_SNAPBACK}>

But bring who to justice? Secunia merely identified the vulnerability; nobody's actually exploited it yet.

Okay, it's yet another bug in IE, but it is software - these things happen...

[Khun Jean]

Don't be too sure Firefox is safe. Every piece of software can have vulnerabilities.

Same site other product page.

http://secunia.com/product/4227/

[chanchao]

> But bring who to justice?

Creators of ad-ware, spyware, spam, malware, trojans and viruses, in that order.

(Sorry I wasn't too clear on who exactly needs escorting to justice. )

[taxexile]

can someone tell me what exactly is activex , and why is it wise to turn it off. and how to turn it off.

(running winxp pro...sp1.,explorer6,zone alarm pro,spybot,microsoft beta,adaware,norton antivirus 2003 pro... would have thought that all that would be protection enough. !)

thanks

[cdnvic]

can someone tell me what exactly is activex , and why is it wise to turn it off. and how to turn it off.

(running winxp pro...sp1.,explorer6,zone alarm pro,spybot,microsoft beta,adaware,norton antivirus 2003 pro... would have thought that all that would be protection enough. !)

thanks

Active X is basicly what allows all these little goodies that complicate sites to run. Video, streaming media, etc, are active x applications. Because it interacts with your computer, rather than just displaying a static site, there are risks that it may be used to invade, or compromise your system.

Ten years ago, the internet rocked... then this came along

This site will explain it better than I can... I'm way past needing sleep.

http://www.active-x.com/articles/whatis.htm

goodnight

cv