Unpatched Internet Explorer exploit hits the Web

[Matthew DeCarlo]

Israeli security researcher Moshe Ben Abu has published the exploit code of an unpatched Internet Explorer security hole. With the help of a McAfee blog post, Abu pinpointed the vulnerability in about 10 minutes. Microsoft warned on Tuesday that the bug could allow an attacker to take control of a computer, and advised users of IE 6 and 7 to install version 8 as soon as possible.

CNET asked Abu how dangerous the vulnerability is, and his response was in line with Microsoft's recommendation of updating to IE8. Abu also noted that the exploit is quite unstable, with about 60% to 70% success rate, and confirmed that it is critical to older builds of IE. Microsoft provided additional workarounds in its advisory for users who can't upgrade to the latest browser version.

Although information in McAfee's sped up the process, Abu said he would have found the vulnerability anyway. McAfee said the post in question did not contain enough information to directly lead anyone to the hole, but the firm's future blog posts will undergo "additional sanitization" to avoid giving exploit writers a starting point when hunting for exploit code.

Permalink to story.

https://www.techspot.com/news/38202-unpatched-internet-explorer-exploit-hits-the-web.html

 

[TomSEA]

Just say "no" to IE! Too many other better browsers around to mess with that and worry about the countless security issues.

 

[buendia]

For regular users, no need for IE. There's plenty of very good alternatives (Firefox, Opera,Chrome). Provided you really want to use IE, always upgrade to the latest version and regurarly install updates.

 

[Guest]

Oh, so nothing new?

 

[Timonius]

Guest said:
Oh, so nothing new?

yeah pretty much.

As for businesses still using IE6...you better get your act together soon...and if you're big enough you need to try to eliminate the dependancy on someone else's browser technology.

 

[ludoboss]

A lost war! Microsoft must be directed to win the search engine war ad let other do browsers. Chrome, Opera and Firefox is over the top. MS u cannod do all better. U make win7: TNX!

 

[Guest]

well if people would simply update their computers then they would already have IE8 insytalled. Its not that hard people.

 

[Guest]

Why should people tolerate all the problems with IE when they have paid for a software that is suppose to be superior. Seems that Microsoft creates products with holes to try and force people to upgrade their products. People are paying for the right to be test subjects.

 

[Relic]

Guest said:
Oh, so nothing new?

Heh ya, first thing that came to mind when I read the headline too.

 

[elroacho72]

I like IE8, I still can't believe there is that many people stuck back on IE6or7.Wait yes I can My Dad still uses Madia player 9, why, why just update and live a little.Thank, You that is all.

 

[rajmond]

I can understand some people who use IE 8 (because it's part of the most used operating system) but I don't know who uses still IE 6 & 7. It's nothing new that there if a new hole in Microsoft Internet Explorer. The best choice would be to change to a new browser ( Firefox or Chrome)

 

[CodePhoeniX]

Hmm.. I cant remember why i use Firefo.... oh... nevermind.

 

[Kovach]

What's on my mind right now is why people still keep using IE after all these exploits coming? There are a lot of options to choose, but no, people are lazy to install another browser.

 

[compdata]

Kovach said:
What's on my mind right now is why people still keep using IE after all these exploits coming? There are a lot of options to choose, but no, people are lazy to install another browser.

Come on. We know that there are exploits in every browser. More issues are found in the common ones becuase they are the ones that get targeted. The real issue here is that people don't keep their computers up to date and so they are vulnerable.

 

[Kibaruk]

I haven't used IE since forever... although there are some specific sites that are only for IE even nowadays which is kind of prehistoric, but still IE 8 isn't affected according to this.

 

[jrronimo]

Kovach said:
What's on my mind right now is why people still keep using IE after all these exploits coming? There are a lot of options to choose, but no, people are lazy to install another browser.

Not everyone has a choice -- Some of the web-based-systems that some of my users log into don't support IE8 yet. Sometimes they'll run... sometimes they'll run in Firefox, but not always. So they stick it out with IE7.

Luckily, there are workarounds for this published by Microsoft. Obviously the vendor of the web-software needs to update, but until they do we can only wait.

 

[Kovach]

compdata said:

Kovach said:
What's on my mind right now is why people still keep using IE after all these exploits coming? There are a lot of options to choose, but no, people are lazy to install another browser.

Come on. We know that there are exploits in every browser. More issues are found in the common ones becuase they are the ones that get targeted. The real issue here is that people don't keep their computers up to date and so they are vulnerable.

Yes, I agree with you about updates and that there are exploits in every browser. But please, IE is hole without the end. It has more announced exploits than any other browser. Am I right?

 

[seefizzle]

What's internet explorer?

 

[Kovach]

jrronimo said:

Kovach said:
What's on my mind right now is why people still keep using IE after all these exploits coming? There are a lot of options to choose, but no, people are lazy to install another browser.

Not everyone has a choice -- Some of the web-based-systems that some of my users log into don't support IE8 yet. Sometimes they'll run... sometimes they'll run in Firefox, but not always. So they stick it out with IE7.

Luckily, there are workarounds for this published by Microsoft. Obviously the vendor of the web-software needs to update, but until they do we can only wait.

Yes, you are completely right. I was thinking about people that has choice and being lazy about choosing another browser, safer and faster.

 

[GACrabill]

Kovach said:
Yes, I agree with you about updates and that there are exploits in every browser. But please, IE is hole without the end. It has more announced exploits than any other browser. Am I right?

No ... I don't think that you are correct.
We just don't hear about the Firefox holes.
Hasn't Firefox had more security fixes for two years in a row now than IE has had?
Do some research ... lots of Firefox security fixes occur that we never hear about ... blame the media, or start blaming Mozilla.

 

[zyodei]

Hahah..just got done showing my coteacher a few of the basic features of Opera.

Here in Korea, IE6 is still the standard - used on 90%+ of computers.

I'm serious.

She was BLOWN AWAY by tabbed browsing

My current computer is a C2D with 2 Gigs of RAM..and came OEM with XP (good) and IE6 (hahaha..but irrelevant anyway)

 

[jacob007]

IE who?

 

[pipopaz]

TomSEA said:
Just say "no" to IE! Too many other better browsers around to mess with that and worry about the countless security issues.

You just gave the perfect solution! I agree as well that IE has way to many vulnerabilities exploited in the past.

 

[Yoda8232]

Solution? Don't use IE, but in all honesty after using all 5 major browsers I use Firefox as my main browser (secure and very customizable), Chrome as a backup (extremely fast), and IE if needed because it's compatible with all the websites because basically all the websites are made for IE because it's WAS the most popular browser.

 

[ToastOz]

First mistake was using IE.