Solve : Serious flaw in Internet Explorer not fixed yet?

Answer» http://www.mercurynews.com/ci_11238205?nclick_check=1

SAN FRANCISCO—Users of all current versions of Microsoft Corp.'s Internet Explorer browser might be vulnerable to having their computers hijacked because of a serious security hole in the software that had yet to be fixed Monday.

The flaw lets criminals commandeer victims' machines merely by tricking them into visiting Web sites tainted with malicious programming code. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc.

The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market. However, the hole is such that it could be "adopted by more financially motivated criminals for more serious mayhem—that's a big fear right now," Paul Ferguson, a Trend Micro security researcher, said Monday.

"Zero-day" vulnerabilities like this are security holes that haven't been repaired by the software makers. They're a gold mine for criminals because users have few ways to fight off attacks.

The latest vulnerability is noteworthy because Internet Explorer is the default browser for most of the world's computers. Also, while Microsoft says it has detected attacks only against version 7 of Internet Explorer, which is the most widely used edition, the company warned that other versions are also potentially vulnerable.

Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates, but declined further comment. The company is telling users to employ a series of complicated workarounds to minimize the threat.

Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released.


Microsoft Security Advisory, regarding the above issue: http://www.microsoft.com/technet/security/advisory/961051.mspx

Will be interesting to see if Microsoft addresses this issue since they said that the last set of patches was going to be the last patch until the new year.

http://www.internetnews.com/bus-news/article.php/3791581/Microsoft+Set+to+Fix+IE+Zero+Day+Flaw.htm

Quote
Microsoft is set to release an out of cycle patch for the zero day IE flaw that has left users at risk since Thursday December 11th when the flaw was first reported.

The patch is expected tomorrow and for many users, won't come too soon.

The patch is available now. http://www.microsoft.com/technet/security/Bulletin/MS08-dec.mspx

Internet Explorer is a glorified updater that happens to be able to browse the web.

Mine was waiting in the System Tray when I started the computer just now so it looks like they have actually pushed out a non-standard automatic update release.

I didn't get any notification. I had to check manually.

I think with a lot of their patches they seem to be letting those more serious about their security try it out on their computers before pushing it out to everyone. Although that could just be hopeful thinking, maybe it really does just take a lot of time for it to get to all users. I haven't seen it yet either and will probably wait until it's pushed out with the automatic updates since I'm almost exclusively using Firefox now.

