Microsoft sees 'huge increase' in IE attacks

Discussion in 'other security issues & news' started by HURST, Dec 15, 2008.

Thread Status:
Not open for further replies.
  1. HURST
    Offline

    HURST Registered Member


    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123398
  2. Rmus
    Offline

    Rmus Exploit Analyst

    Microsoft has elaborated on the various work-around measures for this exploit until a patch is released:

    Clarification on the various workarounds from the recent IE advisory
    http://blogs.technet.com/swi/archiv...-workarounds-from-the-recent-IE-advisory.aspx

    From the computerworld article you cited (thanks!),

    This explains why using IE6, the exploit would not run on sites that I looked at. The code checks for the versions of IE and the Operating system.

    Note, however, that the IE7 exploit has been seen packaged with other exploits that affect IE6, so that an unpatched IE6 would be vulnerable should one encounter a compromised website.

    One of Microsoft's recommendations is to Enable DEP (data execution prevention). Another consideration, because the payload is a trojan executable file,

    those with Software Restriction Policies enabled will prevent the trojan from running.


    OTHER REFERENCES

    0-day exploit for Internet Explorer in the wild
    http://isc.sans.org/diary.html?storyid=5458

    IE7 0day expanded to include IE6 and IE8(beta)
    http://binarycse.com/wordpress/?p=68


    ----
    rich
  3. Pedro
    Offline

    Pedro Registered Member

    Waiting for Patch Tuesday? ..
  4. ghodgson
    Offline

    ghodgson Registered Member

    Another very good reason to ditch IE and go with Firefox or Opera.
  5. Kerodo
    Offline

    Kerodo Registered Member

    They're all the same... they all have vulnerabilities that keep surfacing, then they patch 'em and life goes on...
Thread Status:
Not open for further replies.