Friday, July 10, 2009

New "zero day" Microsoft IE exploit

This has been in the news quite a bit over the last few days, but the nature of it prompts me to briefly post about it: there is a vulnerability in Internet Explorer versions 6 and 7 that can cause your Windows XP or Server 2003 system to be "hacked" just by visiting a site that is serving up the exploit - you don't even have to click on anything. The Microsoft Security Advisory about it is a pretty technical read, so check out this link first for information that is actually readable 8^) . There is a link there that will use MS's relatively new "Fix It" technology to download a ".msi" installer file that will install a workaround. I just tried this and it is pretty easy to do!

Here is yet another example of why it might be smart to use a browser other than Internet Explorer - most casual (and some not-so-casual) Windows users have it as their default, and sometimes only browser. I have been using Firefox for several years - it's not perfect, and as it becomes more popular it's getting its own share of attention from the crooks, but it's still not as prevalent as IE by about two-thirds. Other alternatives are Opera and Google Chrome (neither of which I've used much).

If you insist in using IE, at least update to the latest version, IE 8 (read about it here). You might already have it, as MS has made it a critical update for most or all Windows versions - which I'm not sure I agree with. I suppose (and hope) that their motivation might be that it has enough significant security updates so as to make it "critical" for most IE users.

No comments:

Post a Comment