Tag Archives: critical

Critical IE vulnerability found, browser switch recommended

Critical Internet Explorer vulnerability found, browser switch is recommended.

Serious security flaw found in IE

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world’s computer users.

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

But Microsoft counselled against taking such action.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group.

He added: “We’re trying to get this resolved as soon as possible.

“At present, this exploit only seems to affect 0.02% of internet sites,” said Mr Curran. (Source: BBC)

Browsing vigilantly is not something a normal user can do unless only use your web mail. The internet is filled with links all around. Even once in a while I ended up on phishing sites I try hard to avoid. It could be just an innocent advertisement.

Description:

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively exploited.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected. (Source: Secunia)

I would recommend a temporary switch to a competing browser.