LinuxQuestions.org
Old 12-16-2008, 11:20 AM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 128,335

LXer: Serious security flaw found in IE


Published at LXer:

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed. The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

 
Old 12-16-2008, 11:46 AM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

NO! Really???

A security problem with IE????

Wow. Who woulda thunk it!
 
Old 12-16-2008, 04:41 PM   #3
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,298
Blog Entries: 61

I only used it once - to download Firefox.
 
Old 12-18-2008, 09:05 AM   #4
userlander
Member
 
Registered: Jul 2008
Distribution: Arch, Debian
Posts: 61

It looks like the patch is out -- and it only took them EIGHT DAYS, while millions of computers were compromised:

http://news.yahoo.com/s/afp/20081217...t_081217214530

Quote:
Microsoft releases emergency patch for IE

by Glenn Chapman – Wed Dec 17, 4:45 pm ET

SAN FRANCISCO (AFP) – Microsoft on Wednesday released an emergency patch to fix a perilous software flaw allowing hackers to hijack Internet Explorer browsers and take over computers.

The US software giant said security update MS08-078 addresses a vulnerability cyber-criminals can exploit to their advantage.

"Microsoft encourages all IE customers to test and deploy this update as soon as possible," said Microsoft security response communications head Christopher Budd.

The threat led Microsoft to mobilize security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days."

According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world's most popular Web browser were spreading "like wildfire" with millions of computers already compromised.

Microsoft typically releases patches for its software on the second Tuesday of each month and rushing this fix to computer users out-of-cycle is testimony to the severe danger of the threat, according to Trend Micro.

Wow, nice way to spin a negative into a positive. You normally have to wait an entire MONTH for a bug fix from microsoft even if one is available right away, but when it's a serious security hole that opens your entire computer to hackers you only have to wait a little over a WEEK. I guess that's microsoft's definition of "service."

And what about all the people who were just busy and never heard about this security threat? They might not be patched even now, especially if they have turned off automatic spy-dates, I mean updates.


Quote:
"People should run, not walk, to get it installed," said Trend Micro advanced threat researcher Paul Ferguson. "This vulnerability is being actively exploited by cyber-criminals and getting worse every day."

People should run, not walk, to remove windoze from their computers and install Linux! They don't mention that, though.

You have to wonder why more people haven't sued microsoft for the damage caused by their security holes and shoddy, vulnerable software. If I paid for and used that crap, I would be p*ssed!


rest of story:

Quote:
The IE software patch will be automatically applied to hundreds of millions of personal computers due to standard update settings in the machines, according to Microsoft Security Response Alliance director Mike Reavey.

Wednesday morning, business networks using IE began getting the critical fix through routine patching processes.

Reavey said Microsoft went into "emergency response" mode on December 9 after it first learned of the attacks on IE browsers.

A day later, Microsoft published a security advisory that "listed workarounds that blocked all known attacks."

"Over the course of the next eight days, this advisory was updated five times, adding newer workarounds and mitigations," Reavey said. "We also continually monitored the threat environment, noting when the attacks began to change in nature and scope."

Trend Micro has identified about 10,000 websites that have been infected with malicious software that can be surreptitiously slipped into visitors' unprotected IE browsers to take advantage of the flaw.

A major Internet portal in Taiwan is among the legitimate websites unknowingly tainted with malicious software aimed at IE's weak spot, according to Ferguson.

Hackers can take control of infected computers, steal data, redirect browsers to dubious websites, and use machines for devious activities such as attacks on other networks, according to security specialists.

In other words, we're actually ALL more vulnerable now thanks to microsoft's crappy software and poor security responses.


Quote:
"What makes this so insidious is it takes advantage of a big gaping hole of IE, which has the largest install base of any browser on the market," Ferguson said.

IE is used on nearly three-quarters of the world's computers, according to industry statistics from November.

Reavey said the patch consists of more than 300 distinct updates for more than half-a-dozen versions of IE in scores of languages.

Analyst Rob Enderle of Enderle Group in Silicon Valley said it was "amazing" that Microsoft was able to turn out a complex critical fix in a week when such jobs typically can take a month or longer of intense work.

"Even with that, the release Emergency Response process isn't over," Reavey said. "There is additional support to customers and additional refinement of our product development efforts."

Trend Micro urges IE users to heed precautionary advice from Microsoft, or avoid using the browsers, until the patches are applied.

The "exploit" is similar to one used recently to steal user names, passwords and other information from people playing online games in China, according to Trend Micro.
 
  


All times are GMT -5.
