US-CERT: Beware of IE

Discussion in 'other security issues & news' started by ronjor, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser.

    On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE.

    "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites," US-CERT noted in a vulnerability note.

    Internet Explorer
     
  2. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Verrry interesting. You think a statement like that from CERT will finally get MS up off their butts so we can finally get the patches everyone's anxiously (and vainly, so far) waiting for?
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas

    No. :D
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Well... according the register:

     
  5. Kmtnwmn

    Kmtnwmn Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    2
    I was wondering if there were any security software (IE: Firewall, AV) that consistently protected a end-user (running IE with java enabled) from this exploit if they surfed a compromised web-site.

    As much as I have read on the javascript exploit I never saw where there was a "knight in shining armor" program that would alert the user and prevent any loss of information. Was there one?
     
  6. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Microsoft have issued the patch today for the download.ject vuln - it is not yet listed (UK) on the update site but I was able to install it from the main microsoft.com/downloads - I have the link but am not sure if I can post it here as it will probably be in the updates section soon o_O

    It is the one to disable ADOB.Stream and adds and key the Active X in the registry. The patch is supposed to be posted on Windows update but they must be working a different times for this.
     
Loading...
Thread Status:
Not open for further replies.