Security Adviser | Roger A. Grimes » Update on latest IE vulnerability

March 26, 2006 | Comments: (0)

Update on latest IE vulnerability

Latest news on IE vulnerability

1. Live exploit code is being posted on the Internet, but so far volume has been light. Even DShield has lowered the threat icon to green, from yellow. Report any new websites hosting infected code to secure@microsoft.com. Microsoft will research any reported website and get it closed down if confirmed.

2. Some advisories say that you must click on a link to be compromised. Not true. The exploit can be embedded in HTML email, so if your email client renders scripted HTML email automatically (when the email is opened or viewed in the Preview pane), you could be at risk. Outlook 2003 disables scripting in email by default, so it should not be exposed to this threat in its default configuration. I have always recommended only allowing plain-text ASCII in all emails. Doing otherwise is too risky.

3. This vulnerability does not affect the latest builds of IE 7 Beta 2 (IE7 Beta 2 Preview (Mix Build)). Some previous IE 7 Beta builds did not have the fix.

4. Microsoft is taking this exploit seriously and staying engaged "on the ground".

5. The IE 6 patch will be released in the next IE monthly patch.
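Item 2's concern, scripted HTML mail rendered automatically versus plain text, can be checked at a mail gateway. The following Python is an added example, not code from the original post or from Microsoft; the names `ActiveContentFinder` and `inspect_message` and the sample message are constructed for illustration. It flags script-capable content in HTML parts in general (it is not a signature for this specific IE flaw) and returns the plain-text alternative that could be delivered instead.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "iframe", "applet"}  # can run code

# Constructed sample message (not from the article): plain + scripted HTML parts.
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/alternative; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

Quarterly report attached.
--BOUND
Content-Type: text/html; charset="us-ascii"

<html><body onload="go()"><p>Quarterly report attached.</p>
<script>function go(){}</script></body></html>
--BOUND--
"""

class ActiveContentFinder(HTMLParser):
    """Collects script-capable elements and attributes from an HTML part."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # event handlers: onload, onclick, ...
                self.findings.append(f"{tag}@{name}")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name}=javascript:")

def inspect_message(raw):
    """Return (active-content findings, plain-text body or None)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    plain = msg.get_body(preferencelist=("plain",))
    return findings, (plain.get_content() if plain is not None else None)
```

A gateway policy built on this would deliver only the returned plain-text body whenever the findings list is non-empty, and quarantine messages that have findings but no plain-text part.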

Microsoft's security advisory: http://www.microsoft.com/technet/security/advisory/912945.mspx

Microsoft security blog on the issue: http://blogs.technet.com/msrc/archive/2006/03/25/423116.aspx

Posted by Roger Grimes on March 26, 2006 07:34 AM

COMMENTS

Nearly 200 websites identified hosting code targeting IE flaw. Per Websense (http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=451):

To date we have discovered more than 200 unique URL's that are using the vulnerability to run exploit code. The most common is the use of shellcode to run a Trojan Horse downloader that downloads additional payload code over HTTP. The additional payload has been various forms of BOT's, Spyware, Backdoors, and other Trojan Downloader's.
-------------
200 isn't a lot, and overall exploitation of this IE flaw is still low. However, it's out there.

Posted by: Roger A. Grimes at March 26, 2006 10:04 AM
