
SEVERE Microsoft Internet Explorer vulnerability - Windows users PLEASE READ



This one's a big one guys. This isn't your average chain letter email crap, this one could turn into the next Blaster/Sasser/Bugbear attack.

 

Microsoft updated the bug announcement yesterday:

http://www.microsoft.com/technet/security/advisory/935423.mspx

 

A vulnerability exists in Microsoft's animated cursor library that allows a website author to inject code via IE on all Windows platforms that can give them complete access to the system. This means anything from installing spyware and other nasties to complete control for botnets and other enterprises where your machine is sold to the highest bidder. On a personal level, that gives them access to all data coming and going from your machine, including bank account details, or any username/password for any online system you use.

 

According to a few media folks, the Chinese are all over this. I know a lot of guys here browse Asian websites for games and distributors.

 

http://news.google.com.au/news?hl=en&ned=au&q=microsoft+cursor&btnG=Search+News

http://www.techtvforever.net/?p=1406

http://www.privacydigest.com/2007/04/03/animated+cursor+worm+attacks+grow+over+weekend+april+2007

 

If you are a Windows user still using Internet Explorer, please strongly consider switching to Mozilla Firefox for at least the next month or so until this is properly patched and everything has settled down:

 

http://www.getfirefox.com

 

On install, Firefox will prompt you to import all of your IE settings, usernames and passwords, bookmarks, etc to make the switch easier.

 

Prevention is better than cure, so please take the steps to protect yourself and your private data. Microsoft have released a patch (available via Windows Update), but as with all their patches I prefer to trust alternative software for 30 days or so until it's proven that further patches won't be required over time. Virus scanners and anti-spyware tools are slow to catch up, so please don't rely ONLY on these. You need to be vigilant about your security, and stay safe in as many ways as possible.

 

If you have internet-using yet still computer-illiterate friends and family, please take the 10 minutes required to install Firefox on their machines on their behalf next time you are in front of them.

 

Stay safe all.

Link to comment
Share on other sites

Firefox is not going to save you for long... same exploit can be done through Firefox as it's a Windows exploit, not an IE exploit.

 

Patch up boys... and girls ;)

 

Good to let ppl know about these, Dan.

Link to comment
Share on other sites

Firefox is not going to save you for long... same exploit can be done through Firefox as it's a Windows exploit, not an IE exploit.

I read about that, but I'm dubious. So far there's been only one group who have said as much, and they are a Microsoft-owned research group.

 

I'm not saying it's a lie, I'm just saying that I want a few other independents to verify it. Symantec have stated the opposite, so I'm waiting for the other bigwigs like Kaspersky and co to make a statement.

 

Either way, patch early and patch often.

Link to comment
Share on other sites

Firefox is not going to save you for long... same exploit can be done through Firefox as it's a Windows exploit, not an IE exploit.

 

Patch up boys... and girls ;)

 

Good to let ppl know about these, Dan.

 

I was under the impression that Firefox didn't support animated cursors.

Link to comment
Share on other sites

I read about that, but I'm dubious. So far there's been only one group who have said as much, and they are a Microsoft-owned research group.

 

I'm not saying it's a lie, I'm just saying that I want a few other independents to verify it. Symantec have stated the opposite, so I'm waiting for the other bigwigs like Kaspersky and co to make a statement.

 

Either way, patch early and patch often.

 

Agreed there...

 

I was also very dubious... but there are proofs of concept out there so it's only a matter of time.

Link to comment
Share on other sites

Sophos actually had a patch out a few days ago (complete with the source for it) - but only fixed in pre-Vista versions of Windows. Microsoft has just released a patch for it (out of their normal monthly updates) - can be found here: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx. I would suggest if you're running Windows to apply this patch straight away. There is a version for almost all Windows flavours (including Vista).

 

cheers

 

^lave

Link to comment
Share on other sites
