Update Your Internet Explorer

Ducky

Master of the Moos
Moderator
from bbc.co.uk


Microsoft issues patch to fix IE


Microsoft has issued a security patch to fix a critical vulnerability in its Internet Explorer browser which it said has attacked over 2m Windows users.

The flaw is believed to have already infected as many as 10,000 websites.
The "zero day" exploit let criminals take over victims' computers by steering them to infected websites.
Microsoft's Christopher Budd said the software giant "encourages all IE customers to test and deploy this update as soon as possible".
He also said the threat led Microsoft to mobilise security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days".

o.gif
The company's security response team said the patch consists of more than 300 distinct updates for more than half-a-dozen versions of IE in around 50 languages. "Even with that, the release Emergency Response process isn't over," said Security Response Alliance director Mike Reavey.
"There is additional support to customers and additional refinement of our product development efforts."
Microsoft stressed that the flaw was proven to exist only in IE 7 on all applicable versions of Windows, but that IE 6 and the "beta" release of IE 8 were "potentially vulnerable".
Users who have automatic updates turned on will receive the patch over the next 24 hours while others can access it via a download.
'Wildfire'
The AZN Trojan has been making the rounds since the beginning of December but became public knowledge in the last week . Unlike other exploits, users only have to visit a malicious site with Trojans or other malware in order to become contaminated.

Once an infected web page is opened, malicious downloaders are installed on the computer designed to record keystrokes and steal passwords, credit card details and other financial information.
The sites affected are mostly Chinese and have been serving up programmes to steal passwords for computer games which can then be sold for cash on the black market.
Internet Explorer is the world's most widely used web browser with nearly three quarters of the market share.
Microsoft estimated that one in every 500 Windows users had been exposed to sites that tried to exploit the flaw and the number of victims was increasing at a rate of 50% daily.
Researchers at the software security firm Trend Micro said attacks were spreading "like wildfire".
"This vulnerability is being actively exploited by cyber-criminals and getting worse every day," said the company's advanced threat researcher Paul Ferguson.
Microsoft labelled the bug as "critical," the most serious threat ranking in its four-step scoring programme.


Firefox update
The update is something of an unusual move for Microsoft and underscores the seriousness of the zero day flaw.
The company rarely issues security fixes for its software outside of its regular monthly patch updates.
eanwhile Mozilla has released a scheduled update for its open source Firefox web browsers for at least 10 different vulnerabilities.
The bugs in the browser could have been "used to run attacker code and install software, requiring no user interaction beyond normal browsing," said Mozilla.
It is also reissuing calls for users to upgrade from Firefox 2.0 to Firefox 3.0 as soon as possible and said it is "not planning any further security and stability updates for Firefox 2".
This means Mozilla will no longer support the Firefox 2 browser against future online scams and attacks.

----------

So if you are still, for some strange reason, using IE, just go to microsoft.com and update your browser.

What comes to upgrading Firefox to 3.0 - man, I hate FF 3.0. I reinstalled 2.0 because couldn't work with the new one.
 
Ducky thanks for the update on Exploder oops I mean Explorer :lol: I got my fix done yesterday. And you have trouble with Firefox 3 :eek: wow I'm loving it. The only problem I have with it is it won't allow me into some adult content stories. It thinks I'm too young :guffaw:
 
Thanks Ducky, for the info. :)

Getting all my ducks (no pun intended :p) in a row and making sure my browser is as protected as possible.
 
I did this late last night, early this morning, but thanks for the heads up. :)
 
I would say do not use Internet Explorer :) Yes, of course some people like it, but somehow internet is so much faster in Firefox (at least to me it's like twice faster). IE freezes all the time. Good thing that you can tab your windows in the new version.

I don't think that these attacks would be possible in FF. JMO, though.
 
I didn't have to go to Microsoft.com to get it. 'Security Update for Internet Explorer 7 in Windows Vista' was automatically sent and all I had to do is tell it install now. If you're on an older version of windows you might have to go get it.

Susan
 
^^^ That's all I had to do too.

Thanks for all of the information Ducky. I probably would've ignored the update if it wasn't for this warning.
 
Last edited:
I didn't have to go to Microsoft.com to get it. 'Security Update for Internet Explorer 7 in Windows Vista' was automatically sent and all I had to do is tell it install now. If you're on an older version of windows you might have to go get it.

Susan

Yeah, I didn't realize this at first but last night (or this morning) my computer did its 'automatic update of critical security and programs'. So I haven't actually had to do anything, which is nice. Haven't checked out my Vista yet but my XP seems to have taken care of things--it seems to have included a security update for IE 7.
 
Last edited:
Thanks for the information, though I do not use either Firefox or Internet Explorer. I'd actually recommend Flock to anyone before any of those.
 
Ducky thanks for the update on Exploder oops I mean Explorer :lol: I got my fix done yesterday. And you have trouble with Firefox 3 :eek: wow I'm loving it. The only problem I have with it is it won't allow me into some adult content stories. It thinks I'm too young :guffaw:

FF 3.0 worked ok, but I was annoyed that when you start to type addy and want to go to first page.. let's say Facebook.. you go with www.fac... and instead of giving you "www.facebook.com" it gives you facebooklink with zillion characters, some page that you've visited last time you were logged in. Do you understand my point? :lol:
Besides, it didn't let me install Neopets Toolbar :p

Oh I have automatic updates as well, with my XP and I updated with it. I have to use Exploder :p every now and then because I update one website and their system only works with IE.

I also recommend that you switch to FF or Opera :p
 
The article only mentions this being a problem with version 6.0 and beta 8.0. But, I have 7.0, so is mine okay?
 
Back
Top