Microsoft Fixes Explorer Flaw

JohnDotCom · 18th December 2008, 09:40

Microsoft Fixes Explorer Flaw

2 hours 32 mins ago
Sky News
Microsoft has rushed out an emergency fix for its Internet Explorer (IE) software after the discovery of a flaw which allows hackers to take over PCs.

Microsoft Fixes Explorer Flaw
The company released the patch on its own rather than waiting for its regular security update next month.
The flaw was discovered last week and attacks were "spreading like wildfire", according to software security firm Trend Micro.
The company's senior security adviser Rik Ferguson told Sky News Online: "It's a flaw that affects every version of Explorer on all versions of Windows."
Mr Ferguson explained that many cyber criminals operate by using malware - software that is installed on people's computers without them knowing.
The software can then run in the background and connect to servers elsewhere, giving it the potential to detect and then pass on confidential information.
He explained that many pieces of malware are 'injected' onto websites across the world, often by cybercriminals who install them by using sign-up forms or other methods of interacting with a website.
The malware then runs a piece of Javascript that can detect when the site is being accessed on Explorer, and it then activates and downloads the malicious software.
Trend Micro believes as many as 10,000 sites have already been compromised, though Mr Ferguson said it is impossible to know how many might have been hit.
He advised switching to another browser until the patch has been downloaded and installed, as the malicious code only activates when it detects Explorer.
Microsoft rejected this advice and instead recommends putting security settings at high and turning Vista onto protected mode.
Mr Ferguson said: "All of their solutions are going to make browsing less attractive, less interactive and a lot less normal."
John Curran, head of Microsoft's Windows commercial business group in the UK, said: "Obviously when you are talking about a customer base of over one billion people, any amount of vulnerability is too much and any type of infection is going to see a large number of people affected by it."
He added the flaw was primarily being exploited in China, where it has been used to steal passwords from gamers.
Concerned users should go to http://www.microsoft.com/protect/default.mspx to download the update.

18th December 2008, 09:40	#1
JohnDotCom * Rover 75 FaceLift Tourer CDTi 170BHP Auto ConnSE 2005 Model Starlight Silver Join Date: Nov 2006 Location: Abergele Posts: 28,735 Thanks: 0 Thanked 6 Times in 5 Posts	Microsoft Fixes Explorer Flaw Microsoft Fixes Explorer Flaw 2 hours 32 mins ago Sky News Microsoft has rushed out an emergency fix for its Internet Explorer (IE) software after the discovery of a flaw which allows hackers to take over PCs. Microsoft Fixes Explorer Flaw The company released the patch on its own rather than waiting for its regular security update next month. The flaw was discovered last week and attacks were "spreading like wildfire", according to software security firm Trend Micro. The company's senior security adviser Rik Ferguson told Sky News Online: "It's a flaw that affects every version of Explorer on all versions of Windows." Mr Ferguson explained that many cyber criminals operate by using malware - software that is installed on people's computers without them knowing. The software can then run in the background and connect to servers elsewhere, giving it the potential to detect and then pass on confidential information. He explained that many pieces of malware are 'injected' onto websites across the world, often by cybercriminals who install them by using sign-up forms or other methods of interacting with a website. The malware then runs a piece of Javascript that can detect when the site is being accessed on Explorer, and it then activates and downloads the malicious software. Trend Micro believes as many as 10,000 sites have already been compromised, though Mr Ferguson said it is impossible to know how many might have been hit. He advised switching to another browser until the patch has been downloaded and installed, as the malicious code only activates when it detects Explorer. Microsoft rejected this advice and instead recommends putting security settings at high and turning Vista onto protected mode. Mr Ferguson said: "All of their solutions are going to make browsing less attractive, less interactive and a lot less normal." John Curran, head of Microsoft's Windows commercial business group in the UK, said: "Obviously when you are talking about a customer base of over one billion people, any amount of vulnerability is too much and any type of infection is going to see a large number of people affected by it." He added the flaw was primarily being exploited in China, where it has been used to steal passwords from gamers. Concerned users should go to http://www.microsoft.com/protect/default.mspx to download the update.