Exploited vulnerability in Interent Explorer

[FreewheelinFrank]

Microsoft "aware of limited, active attacks" against IE6 (Translation: IE6 is getting pwned) although IE7 and IE8 are also vulnerable.

http://www.microsoft.com/technet/security/advisory/979352.mspx

Via Brian Krebs' excellent new blog.

http://www.krebsonsecurity.com/2010/01/mcafee-ie-0day-fueled-attacks-on-google-adobe/#more-473

[Chris Thomas]

I consider all IE versions as a bug.

I wish them all the best for IE 9

[Hermite15]

this is already being discussed here, see the second page of the thread:
http://forum.avast.com/index.php?topic=53364.msg452547#msg452547

edit: actually I just notice you posted about that before I did, but this is very relevant to the current Google issues with China.

[Hermite15]

I consider all IE versions as a bug.

nice one Chris  and +1

[polonus]

Hi malware fighters,

The Google hack IE6 vulnerability has now been made public, while it was uploaded to wepawet:
http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js

polonus

[Jahn]

I believe separating IE from the Windows OS would be a step in the right direction. I wonder if MS has ever considered doing this...

[essexboy]

Who uses IE6 nowadays ?

[Hermite15]

Who uses IE6 nowadays ?

that's an interesting question...why a Google employee would run IE6...

[spg SCOTT]

Who uses IE6 nowadays ?

My school... some of the pc run it still...so I run Fx portable...still goes through their proxy so they don't care...

[FreewheelinFrank]

Who uses IE6 nowadays ?

36.57% of IE users; 20.99% of browsers.

http://en.wikipedia.org/wiki/Template:Msieshare1

[FreewheelinFrank]

German government warns against using MS Explorer

The German government has warned web users to find an alternative browser to Internet Explorer to protect security.

http://news.bbc.co.uk/2/hi/technology/8463516.stm

[Hermite15]

German government warns against using MS Explorer

The German government has warned web users to find an alternative browser to Internet Explorer to protect security.

http://news.bbc.co.uk/2/hi/technology/8463516.stm

nice, it took 15 years to have such an official reaction, well I guess it's never too late 

[Marc57]

Ed Bott has a good write up about this:

http://blogs.zdnet.com/Bott/?p=1645&alertspromo=&tag=nl.rSINGLE


And a chart of what's affected.

[polonus]

Hi malware fighters,

The MS fix until the next patch-round can be found here:
http://forum.avast.com/index.php?topic=52252.msg454398#msg454398

polonus

[FreewheelinFrank]

Microsoft to patch hole in Internet Explorer

Microsoft will patch a hole in its Internet Explorer browser that may have allowed Chinese hackers access to human rights activists' e-mail accounts.

The firm normally issues patches at a set time each month but said that the attention the problem had received forced it to move more quickly.

It follows the French and German governments decision to advise citizens to use other browsers.

Security experts said they had seen malicious code exploiting the weakness.

If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.

Microsoft said on 18 January that there were "very few" infected sites on the web.

But Security firm Sophos said now it had seen "copycat" sites trying to exploit the vulnerability.

"Though numbers are still very low, over the past 24 hours or so we have seen a few sites serving up malicious code attempting exploit the vulnerability," it said in a blog post.

'Weak link'

The bad publicity has allowed rivals such as Firefox to gain market share.

http://news.bbc.co.uk/2/hi/technology/8469632.stm