Code that takes advantage of a security hole in Internet Explorer has been published on the Web and could be used by someone to unleash an e-mail virus that could put people's computers and data at risk, Microsoft and security experts said Thursday.
As with many such attacks, malicious code could sneak onto an unwitting victim's computer after the user is enticed to open an e-mail attachment containing the code or lured to visit a Web site with the code hidden in it. Once the computer is infected, an attacker could take control of the machine remotely, steal data and use the computer to attack others.
"We have seen examples of proof-of-concept code, but we are not aware of attacks that try to use the reported vulnerabilities, or of customer impact, at this time," Microsoft said in a security advisory posted on its Web site.
People using so-called fully patched versions of IE 6 and Microsoft Windows XP with Service Pack 2 are affected. Customers who use IE 7 Beta 2 Preview, which was released March 20, are not affected by the "createTextRange" vulnerability, Microsoft said.
To fix the problem, the company said it would provide an update in an upcoming security release. In the meantime, Microsoft advised IE users to avoid visiting untrusted Web sites and to avoid opening e-mail attachments from unknown senders. It also recommending changing the IE settings to disable Active Scripting. Web surfers could also choose to use a browser that's not affected by the vulnerability.
Security company Secure Elements rated the severity of the vulnerability at its highest level, 10, because it can be remotely exploited and an exploit has been released.
"Internet Explorer users can expect a virus or worm in the very near future," Scott Carpenter, director of security labs at Secure Elements, said in a statement. "The most probable vector for this worm will be in the form of spam with malicious links that will tempt users into clicking on a link that takes them to a malicious Web site."
This is the third security flaw Microsoft is investigating this week. The software giant said Tuesday that it was investigating a security flaw that could let an attacker gain control of a vulnerable Windows computer. The company said Monday it was looking into a vulnerability that could cause IE to crash.
Sorry dude, nothing from Microsoft is designed to protect you from anything. Security is an after-thought in MS product development, something they deal with after releasing a product.
Sorry dude, nothing from Microsoft is designed to protect you from anything. Security is an after-thought in MS product development, something they deal with after releasing a product.
Use a Mac!! Yeah, I know, there were those false stories a couple of weeks ago about a supposed Mac virus/security threat. Well, pay no attention to the man behind the curtain.
How can anyone take M$ seriously when these security flaws show up EVERY week?? Well, I guess if you only update your OS every 5+ years, you have to expect that such OLD technology is just Swiss cheese.
Problem is though, do you expect any more protection of the customer in Vista? Answer honestly now.......
Use mac, and watch 50% of your progs not work anymore.. smart
yea... ya know.. use a Mac and have just about half of your programs not working anymore. Its not an easy jump. If your going to make a jump like that, might as well jump to *nix instead.. most people are not ready for that.
Use a Mac!! Yeah, I know, there were those false stories a couple of weeks ago about a supposed Mac virus/security threat. Well, pay no attention to the man behind the curtain.
How can anyone take M$ seriously when these security flaws show up EVERY week?? Well, I guess if you only update your OS every 5+ years, you have to expect that such OLD technology is just Swiss cheese.
Problem is though, do you expect any more protection of the customer in Vista? Answer honestly now.......
Use mac, and watch 50% of your progs not work anymore.. smart
yea... ya know.. use a Mac and have just about half of your programs not working anymore. Its not an easy jump. If your going to make a jump like that, might as well jump to *nix instead.. most people are not ready for that.
I had to format my machine as this exploit was used to install a password-stealing trojan on my machine. I used a new hard drive and examined the old, and found exactly how and where I got attacked. I got hit by an ad served by "popunder.paypopup.com" while visiting "gallery.hilary-duff.net". And I have all the evidence to back it up. If popup ad providers are serving this stuff up, it's liable to infect people anywhere they go on the net. Time to not use IE for a little while...
I had to format my machine as this exploit was used to install a password-stealing trojan on my machine. I used a new hard drive and examined the old, and found exactly how and where I got attacked. I got hit by an ad served by "popunder.paypopup.com" while visiting "gallery.hilary-duff.net". And I have all the evidence to back it up. If popup ad providers are serving this stuff up, it's liable to infect people anywhere they go on the net. Time to not use IE for a little while...
As UC Berkeley students, the co-founders of "Back to the Roots" discovered they could grow mushrooms using recycled coffee grounds. Now their mushroom kit sells at grocery stores across the country.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
For people who don't have time to tend a Zen garden, the Zen Table will handle the work for you. The table is filled with silicone beads and a robotic system that "rakes" images into the sand.
The Washington State Senate passed a bill that would charge electric car owners $100 per year to compensate for not paying gas taxes. The bill still has to pass the House.
couple of weeks ago about a supposed Mac virus/security
threat. Well, pay no attention to the man behind the curtain.
How can anyone take M$ seriously when these security flaws
show up EVERY week?? Well, I guess if you only update your OS
every 5+ years, you have to expect that such OLD technology is
just Swiss cheese.
Problem is though, do you expect any more protection of the
customer in Vista? Answer honestly now.......
False stories? No. Blown out of proportion? Yes.
Though it may be much more secure, Mac's are getting much more attention from 'hackers' now.
Until Mac's can run the same high-profile programs that Windows does, then it really is a big leap to switch.
couple of weeks ago about a supposed Mac virus/security
threat. Well, pay no attention to the man behind the curtain.
How can anyone take M$ seriously when these security flaws
show up EVERY week?? Well, I guess if you only update your OS
every 5+ years, you have to expect that such OLD technology is
just Swiss cheese.
Problem is though, do you expect any more protection of the
customer in Vista? Answer honestly now.......
False stories? No. Blown out of proportion? Yes.
Though it may be much more secure, Mac's are getting much more attention from 'hackers' now.
Until Mac's can run the same high-profile programs that Windows does, then it really is a big leap to switch.