IE zero-day vulnerability awaits patch

Published on December 16th, 2008

Microsoft has admitted that a serious flaw in security has left all users of Internet Explorer, the default web browser for most people, vulnerable to attack from hackers.

The loophole allows criminals to commandeer victims’ computers by tricking them into visiting tainted websites that steal passwords. Computer users are advised to switch to an alternative internet browser, such as Firefox or Google Chrome or Safari to be certain to avoid hackers who have so far corrupted an estimated 10,000 websites.

Microsoft said they are considering the release of an emergency update, which would close the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the programme, but warned that other versions are also potentially vulnerable…

Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates.

Runaway, runaway!

20 users responded in " IE zero-day vulnerability awaits patch "

Subscribe to this post comment rss or trackback url

# 1 Paddy-O said, on December 16th, 2008 at 9:30 am

http://www.microsoft.com/technet/security/advisory/961051.mspx

# 2 Improbus said, on December 16th, 2008 at 9:45 am

I only use IE under duress. I suspect the usage of Firefox among Dvorak crowd is fairly high. How about some browser stats for the site John and/or editors.

# 3 Dave W said, on December 16th, 2008 at 9:54 am

#2 “I only use IE under duress.”

Ditto. I used Netscape before EI came along, and have never particularly liked EI. These days I use Firefox and Opera almost exclusively. On the rare occasions that I MUST used EI, I find the new version confusing and just plain weird.

# 4 GregA said, on December 16th, 2008 at 10:03 am

Wow, Apples cratering Mac sales really have the Microsoft hating blog’o’sphere in a tizzy.

# 5 Raff said, on December 16th, 2008 at 10:06 am

I’m using the new blackbird browser. The only thing I don’t like about it is, it don’t translate everything into ebonics.

# 6 ECA said, on December 16th, 2008 at 11:20 am

MS installed a few back hole into IE for advertisers..And then sells the ABILITY to do popups and OTHER things to them.
They change the HOLES at times so they can RE-SELL the idea.
Do you really think the hackers ARNT going to find them??

# 7 Zybch said, on December 16th, 2008 at 11:34 am

#3 – So you’re one of the 5 people that uses Opera. Guess its like the mac, security via obscurity.
All joking aside though, like the vast majority of scams and vulnerabilities these days, this particular flaw relies on stupid people acting moronically by clicking links in emails and not having ANY common sense.
You can be sure that the majority of those affected by this will also be links in many of the stupid chain emails who really do believe that Bill Gates will give them $1000 if they forward the chain on to 20 of their stupid gullible friends who will immediately do the same…

# 8 Improbus said, on December 16th, 2008 at 11:43 am

All joking aside though, like the vast majority of scams and vulnerabilities these days, this particular flaw relies on stupid people acting moronically by clicking links in emails and not having ANY common sense.

Common sense to you and me but not to the hoi polloi.

# 9 James Hill said, on December 16th, 2008 at 1:23 pm

#4 – Cratering? They didn’t go down year-over-year, so no, your analysis is wrong.

As usual.

Don’t bother responding. You already know you’re owned.

# 10 Zybch said, on December 16th, 2008 at 1:54 pm

#8 – True. Unfortunately as you make computers more and more idiot proof, more and more idiots will use them, a fact apple corp has capitalized upon quite successfully. And as we (thats you and me) know its these idiot users that really do think they’ll ‘Win an iPod by clicking on the monkey!!’
You should have to take a test to get a license to use a computer (and have kids).

# 11 jescott418 said, on December 16th, 2008 at 2:01 pm

Apple just had a bunch of security patches too. Firefox before that.
Google Chrome too. Seems nothing is safe anymore. I guess we just need to jump from one browser to another depending on which way the malware is going.

# 12 BillBC said, on December 16th, 2008 at 2:03 pm

Question: I use Firefox almost all the time, Opera when I’m in a hurry. Firefox has a tab that lets you switch the rendering engine to IE when you are at some stupid site that requires it. Would this leave me vulnerable as well? I never use IE straight….

# 13 Not Dvorak said, on December 16th, 2008 at 2:58 pm

Not only have I read that Firefox and Chrome are not vulnerable to hackers, but using them instead of IE also makes your penis larger. Must be true, I read it somewhere.

# 14 amodedoma said, on December 16th, 2008 at 4:24 pm

Well Duh!

Those who support the evil empire shall be smitten in the hell they create!
Down with the Monopoli$tic tyrant!

Just a word of advice to the innocent, ignorant, or uninformed – ALWAYS use alternatives to M$ where possible or practical.

# 15 deowll said, on December 16th, 2008 at 4:53 pm

I don’t have the link but the news article I just read said that all the major browsers are wide open.

# 16 Zybch said, on December 16th, 2008 at 5:46 pm

#12 – Unfortunately I think the addon you have that allows IE rendering probably actually uses IE in much the same way that outlook used IE in the preview window, so no, you’re not really safe.
Then again, you probably don’t act like a stupid ignorant peon and get tricked into opening every damn link you see.

# 17 FRAGaLOT said, on December 16th, 2008 at 7:05 pm

This story was acctually reported on my morning local news on TV. They even had a “teaser” referring to “a popular internet software that could lead your PC to being hacked…”

My first thought was, oh Internet Explorer? Well no-duh? How is this “news” when everyone has known this for close to a decade now? Glad the tech-stupid mass media has caught up finally. They were probably running IE on the laptops on the anchor’s desks already running spam bots.

# 18 GetSmart said, on December 16th, 2008 at 9:17 pm

Microsoft has code named the new security patch “Firefox”

# 19 Lou said, on December 16th, 2008 at 11:27 pm

Thats mighty white of msft to come out with an update early.
Ballmer has to go.

# 20 ogman said, on December 17th, 2008 at 5:01 am

It’s interesting how many critical government and business operations are offline due to this vulnerability. Even mainframe computing is effected, because trouble tickets and other support is now web-based. Hey Dvorak, can we get a new commentary on “cloud computing?” I know John “loves” the cloud!

Leave Your Reply Below...

Comment Moderation is Active, so if your comment doesn't
show up immediately, please don't submit it again.

Special Deals 4U

25% off eHarmony subscription with code EHTECH
12-percent discount forever with code TECH
10-percent discount and free month using TECH10
10-percent or 30 dollars off weekly car rental!
Get 10-percent discount on car rental!
Get 10% off rental cars!
Get 10% off Dollar rentals!
Discounts on domain names!