Microsoft’s Internet Explorer is Vulnerable to Attacks

by Mahesh Kukreja · 0 comments

in Technology News

Hi Guyz, Just got the news.

Microsoft Internet Explorer users, beware. There’s a security flaw in all versions of the browser that leaves you wide open for attack. At least two million computers have already been infected.

The exploit doesn’t require users to click on links or download software from the Internet. Rather, it infects users when they open a Web page. The goal is to steal passwords, according to security experts, gain access to financial data and otherwise steal the victim’s identity.

“Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer,” said the company in a release on its Web site. Microsoft did not offer information on when a patch might be available.

Unpatched and Dangerous

Security flaws in browsers are certainly nothing new. But the difference with this one is there is no patch. No fix from Microsoft means that millions of Internet users may be at risk of infection simply from browsing the Web, according to Graham Cluley, a senior security consultant at Sophos.

“We are seeing infections on pornographic Web sites — and it’s not clear if these have been hacked or have been deliberately set up to infect surfers,” Cluley said. “Of course, Web-site attackers don’t just target porn sites. We see something like 20,000 new infected Web pages every single day — that’s one every 4.5 seconds — and the vast majority of those are legitimate sites that have been compromised by the likes of an SQL injection attack.”

How to Protect Yourself

Some computer users may be tempted to switch, if only temporarily, to alternative browsers such as Firefox, Safari and Google Chrome. Even Microsoft has suggested this as a temporary workaround.

However, Cluley cautions that all browsers have vulnerabilities and can be exploited — and switching the browser all employees use in a corporate setting isn’t a practical option. With so many attacks being discovered all the time, he continued, enterprise Web protection is a must.

“There’s no such thing as a 100 percent flaw-free Web browser,” he stressed. “To reduce the risks, you need to change your surfing behavior and ensure that your systems are properly protected with up-to-date antivirus software, patches and firewalls.”

Whatever the browser choice, Cluley said users need to ensure they have up to date, effective security in place. Quality generic detections are proven to be effective against new malware, and URL filtering can add a significant layer of protection against Web-borne threats, he advised.

Password Management

Password management is also an issue. Sophos’ research reveals that 40 percent of people use the same password for every Web site they visit. That means if hackers manage — through this flaw or other means — to steal your password, it might unlock a huge amount of other information for them.

“Regardless of this current exploit, therefore, it is essential that people take greater care over their passwords,” Cluley said, “not just choosing hard-to-crack non-dictionary passwords, but also ensuring that they don’t use the same password for everything.”

Out-of-Cycle Patch Coming?

Cluley expects Microsoft is feverishly attempting to build a fix for this problem. But a fix won’t come overnight. Microsoft, he said, also has the challenge of testing the patch before it is released.

“After all, no one wants Microsoft to roll out a patch that doesn’t work, or one that causes more problems than it attempted to solve,” Cluley said. “We don’t know yet when Microsoft will be in a position to release a fix, but much of the online world is waiting for it with bated breath.”

Subscribe to our mailing list

* indicates required

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: