New vulnerability in IE

[bob3160]

That makes absolutely no sense. The latest IE 7 Beta is the only version of IE that is NOT affected by this vulnerability? Not to mention IE 7's interface is 100 times better than IE 6, you can easily uninstall it if you don't want it.

Have to agree with that statement.
If you use an IE based browser like I do, it also makes it safer. 

[neal62]

tednelly,

Lol, yes me thinks they haven't had enough practice either. Practice does make perfect in alot of situations. 

[CharleyO]

That makes absolutely no sense. The latest IE 7 Beta is the only version of IE that is NOT affected by this vulnerability? Not to mention IE 7's interface is 100 times better than IE 6, you can easily uninstall it if you don't want it.

Along with Bob, I have to say that if you are using IE or any browser based on IE then it would certainly be best to update to IE7 Beta2 version 5335.5 which I did the next day after that version release.   

I would not say that IE7's interface is 100 times better but it is certainly better by some degree. And as Mastertech says, it is easily uninstalled should you want to do so. Actually, I have done that with the latest build and then re-installed it to fix a minor glitch with an add-in for the browser.   


***

[polonus]

Hi CharleyO,

One thing we must conclude, and that is to the benefit of all.
Always update and always patch continuously. That is one of the basic secrets. Then a great help is to surf with normal users'rights, and to reduce the users' rights for processes with a program like ShareEnum. very informative program to see where your policies are wrong. Only allow scripts when you really cannot do without it also helps a lot towards safe browsing, whatever type of browser you may use. The final conclusion for me burns down to this "a browser is as secure as the owner who uses it". Period.

polonus

[Mastertech]

Normal User accounts for any power user are practically useless and not a realistic solution. They are also completely unnecessary with the proper security policies.

[CharleyO]

***

Yes, I agree with you on all of the above, Polonus. I get many prompts about scripts & ActiveX because I want to know before rather than after something happens.

The final conclusion for me burns down to this "a browser is as secure as the owner who uses it". Period.

Nothing truer can be said about any browser than the statement above. It is, after all is said and done, up to the browser owner/user to be as secure and as safe as is possible.


***

[FreewheelinFrank]

Microsoft mulls rushing out IE patch

Microsoft may rush out a security update for Internet Explorer to fix a flaw that is now being exploited to attack Windows systems, security companies say.

Computer code that demonstrates how a hacker can use the flaw to take over a PC was released onto the Net on Thursday. At least two such exploits were made public, and one has now been adapted to attack systems, Monty IJzerman, the manager of security content at McAfee, said on Friday.

"This exploit code is being used in the wild in malware," or malicious software, IJzerman said. "I expect other attacks to be prepared and to be out there over the next few days."

In a security advisory issued Thursday, Microsoft said it will address the vulnerability in a security update, but did not say when that patch would be delivered. Its next "Patch Tuesday" bundle of fixes is scheduled for April 11. On Friday, however, Microsoft indicated that a security patch might be released outside of the regular cycle.

"It is on the table," said Stephen Toulouse, a program manager in Microsoft's Security Response Center. "Every time any kind of exploitation is going on, it is on the table."

The flaw is the third to hit Microsoft this week. It has to do with how Internet Explorer handles the "createTextRange()" tag in Web pages. A hacker could take advantage of it to gain control over a vulnerable PC by crafting a specially coded Web site, Microsoft said.

McAfee found that a Web site is using the IE vulnerability to sneak malicious code onto vulnerable Windows PCs, IJzerman said. The company has updated its security software to protect against that code, which IJzerman could only describe as something related to spyware.

http://news.com.com/Microsoft+mulls+rushing+out+IE+patch/2100-7349_3-6053961.html?tag=cd.top

[polonus]

Hi FwF,

Read here: http://www.2-spyware.com/news/post71.html

Time for some measures.

polonus