Microsoft published a patch for Internet Explorer on Wednesday, aiming to close a month-old hole that has been used by viruses to spread and by an ad banner attack to compromise PCs.
The vulnerability, dubbed the Internet Explorer Elements flaw by Microsoft, had previously been called the iFrame vulnerability. The issue--which does not affect Microsoft's major Windows XP security update, Service Pack 2--could allow an attacker to take control of a victim's PC, if the user is logged on as an administrator. Most home users tend to log onto Windows as administrators.
A Microsoft representative said the software giant had released the update before its next scheduled patch day, Dec. 7, because it had already been used by malicious software to compromise Windows users' PCs.
"That's one of the things that we factor in--when the customers are affected or there are active attacks," said Stephen Toulouse, security program manager at Microsoft's security response center.
Reliance on a single software raises level of risk.
An attacker can use the vulnerability to gain control of a person's computer when the victim clicks on a simple Web link. The attacker would then have complete control of the system, and could install programs, view, modify or delete data and create new accounts.
The patch arrived more than a month after news of the vulnerability was first posted on public security mailing lists. The move garnered criticism from Microsoft, which has led a drive to convince security researchers to give software makers at least 30 days to fix issues before outing the problem in public forums.
The IE flaw underscores that online criminals are all too willing to use the latest vulnerabilities to take illicit control of users' PCs.
Two computer viruses appeared on the Internet in early November, using the vulnerability in Microsoft's browser to infect PCs after their users clicked on a simple Web link. The viruses, called Bofra.A and Bofra.B by antivirus companies, were loosely based on the source code of MyDoom.
In addition, online intruders breached the security of at least one server at advertising host Falk last week and used the computer to distribute an attack to the service's clients, including The Register, a technology news and opinion site.
The IE Elements flaw affects PCs with IE version 6 installed, but does not affect computers that have been upgraded to Service Pack 2. The software, the latest version of Windows XP, has been downloaded more than 130 million times, Microsoft's Toulouse said.
At least one verified. You can read about it here: <a class="jive-link-external" href="http://www.theregister.co.uk/2004/11/21/register_adserver_attack/" target="_newWindow">http://www.theregister.co.uk/2004/11/21/register_adserver_attack/</a>
At least one verified. You can read about it here: <a class="jive-link-external" href="http://www.theregister.co.uk/2004/11/21/register_adserver_attack/" target="_newWindow">http://www.theregister.co.uk/2004/11/21/register_adserver_attack/</a>
Virus,security threats and spyware are getting worse and worse every day...Before I was getting calls on weekly base now I get calls on DAILY base to clean up computers and I am not even trying to reach all people...Most computers require complete Windows Reinstall and update in order to function again,patching and scaning is too late with computer alredu infected and messed up. And Microsoft dares to talk how safe and secure Windows and IE is.
Virus,security threats and spyware are getting worse and worse every day...Before I was getting calls on weekly base now I get calls on DAILY base to clean up computers and I am not even trying to reach all people...Most computers require complete Windows Reinstall and update in order to function again,patching and scaning is too late with computer alredu infected and messed up. And Microsoft dares to talk how safe and secure Windows and IE is.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
$8 billion dollar R&D budget and it still takes a month? And Microsoft claims that their browser is "just as secure as the other browsers".
Ditch IE - it's a sinking ship. Any other browser will give you far better protection (namely Firefox or Opera).
P.S. Maxthon, Avant and Slimbrowser all use IE to render their pages so they too are affected.
But then, they've been ditched for years.
$8 billion dollar R&D budget and it still takes a month? And Microsoft claims that their browser is "just as secure as the other browsers".
Ditch IE - it's a sinking ship. Any other browser will give you far better protection (namely Firefox or Opera).
P.S. Maxthon, Avant and Slimbrowser all use IE to render their pages so they too are affected.
But then, they've been ditched for years.
<a class="jive-link-external" href="http://www.theregister.co.uk/2004/11/21/register_adserver_attack/" target="_newWindow">http://www.theregister.co.uk/2004/11/21/register_adserver_attack/</a>
<a class="jive-link-external" href="http://www.theregister.co.uk/2004/11/21/register_adserver_attack/" target="_newWindow">http://www.theregister.co.uk/2004/11/21/register_adserver_attack/</a>
And Microsoft dares to talk how safe and secure Windows and IE is.
And Microsoft dares to talk how safe and secure Windows and IE is.