[ news_security_news ]
Critical Flaw In Internet Explorer
John Stith
Staff Writer
2005-11-22
 Security News RSS Feed
Folks who use Microsoft's Internet Explorer (IE) may be in for a wild ride as exploit code for a critical flaw in fully patched versions of IE begins to make its rounds on the Internet. This puts millions of users at risk for denial of service (DoS) attacks that hijack computers.
The attacks, reported on Monday, fall into the worst-case scenario for because they are a "Zero-Day" attack. This means less than 24 hours after the flaw was discovered, exploits were en route to unsuspecting users.
According to the SANS Internet Storm Center (ISC) blog, a group in the UK calling themselves "Computer Terrorism" released the proof of concept against patched versions of IE.
Microsoft has been aware of the vulnerability for months but didn't fix it because at the time, they didn't believe it could be utilized in such a way to warrant measure being put into place. The flaw was much worse than anticipated.
Microsoft said in their bulletin, "This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible."
Right now, the best cure is to turn off the javascript or use another browser. There's no fix currently and it's probably a safe bet it'll be January before anything is out. Microsoft does not currently have a fix for the machine.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Security News RSS Feed
|
|
