Another Week Goes by and Internet Explorer Users Still Ripe for Hijacking

Dr. Roy Schestowitz

2009-11-29 15:44:14 UTC
Modified: 2009-11-29 15:44:14 UTC

Summary: Microsoft leaves Internet Explorer users high and dry for weeks, having not addressed a zero-day flaw that compromises the entire operating system

LAST week we wrote about the Internet Explorer zero-day flaw -- a flaw which Microsoft has not resolved yet. IDG writes:

Hackers working on the open-source Metasploit project have spiffed up a zero-day attack on Microsoft's Internet Explorer, making it more reliable -- and more likely to be used by criminals.

Security experts have been worried about the flaw since it was first disclosed on the Bugtraq mailing list Friday. But the original demonstration code was unreliable and has not been used in real-world attacks.

But then came this IDG report, an advisory (not the same as patch), and SJVN wrote:

Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!

[...]

I think your best move to keep the world from sneaking in some malware over your browser is to get the latest versions of Firefox 3.5.5 or Google's Chrome 3.0.x Web browser. Neither is perfect, but they are better than IE. I wish I could recommend Opera, but I continue to have real concerns about Opera's built-in Web server security.

Indeed, this is an opportunity to recommend that people secure themselves by moving to another Web browser. Microsoft Thurrott does Microsoft's "damage control", having previously incited people against rival Web browsers like Opera. Other coverage includes:

● Exploit code targets Internet Explorer zero-day display flaw

● New Security Flaw Hits Internet Explorer 6 & 7

● New attack targets weakness in Internet Explorer

● Microsoft Issues Internet Explorer Security Advisory

This is pretty serious.

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

No report about a patch has been published yet. So, a good solution would be abandonment of Internet Explorer. ⬆

Smelling an opportunity

Recent Techrights' Posts

Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death: Today we start re-publishing articles that contain unaltered E-mails
A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office): In Debian, there is a long history of deaths, suicides, and mysterious disappearances
[Video] Why Microsoft is by Far the Biggest Foe of Computer Security (Clue: It Profits From Security Failings): Microsoft is infiltrating policy-making bodies, ensuring real security is never pursued
Harassment Against My Wife Continues: Drug addict versus family of Techrights authors
Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists: Links for the day
Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file: Reprinted with permission from disguised.work
Axel Beckert (ETH Zurich), the mentality of sexual violence on campus: Reprinted with permission from Daniel Pocock
[Meme] Russian Reversal: Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
Frans Pop & Debian suicide denial: Reprinted with permission from disguised.work
The Real Threats to Society Include Software Patents and the Corporations That Promote Them: The OIN issue isn't a new one and many recognise this by now
Links 30/04/2024: OpenBSD and Enterprise Cloaking Device: Links for the day
Microsoft Still Owes Over 100 Billion Dollars and It Cannot be Paid Back Using 'Goodwill': Meanwhile, Microsoft's cash at hand (in the bank) nearly halved in the past year.
Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced: I was always "on-call" and my main role or function was being "on-call" in case of incidents
[Teaser] Ubuntu Cover-up After Death: Attack the messenger
The Cyber Show Explains What CCTV is About: CCTV does not typically resolve crime
[Video] Ignore Buzzwords and Pay Attention to Attacks on Software Developers: AI in the Machine Learning sense is nothing new
Outline of Themes to Cover in the Coming Weeks: We're accelerating coverage and increasing focus on suppressed topics
[Video] Not Everyone Claiming to Protect the Vulnerable is Being Honest: "Diversity" bursaries aren't always what they seem to be
[Video] Enshittification of the Media, of the Web, and of Computing in General: It manifests itself in altered conditions and expectations
[Meme] Write Code 100% of the Time: IBM: Produce code for us till we buy the community... And never use "bad words" like "master" and "slave" (pioneered by IBM itself in the computing context)
[Video] How Much Will It Take for Most People to Realise "Open Source" Became Just Openwashing (Proprietary Giants Exploiting Cost-Free or Unpaid 'Human Resources')?: turning "Open Source" into proprietary software
Freedom of Speech... Let's Ban All Software Freedom Speeches?: There's a moral panic over people trying to actually control their computing
Richard Stallman's Talk in Spain Canceled (at Short Notice): So it seems to have been canceled very fast
Links 29/04/2024: "AI" Hype Deflated, Economies Slow Down Further: Links for the day
Gemini Links 29/04/2024: Gopher Experiment and Profectus Alpha 0.9: Links for the day
Debian 'Cabal' (via SPI) Tried to Silence or 'Cancel' Daniel Pocock at DNS Level. It Didn't Work. It Backfired as the Material Received Even More Visibility.: know the truth about modern slavery
Lucas Nussbaum & Debian attempted exploit of OVH Hosting insider: Reprinted with permission from disguised.work
Software in the Public Interest (SPI) is Not a Friend of Freedom: We'll shortly reproduce two older articles from disguised.work
Syria, John Lennon & Debian WIPO panel appointed: Reprinted with permission from disguised.work
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, April 28, 2024: IRC logs for Sunday, April 28, 2024
[Video] GNU and Linux Everywhere (Except by Name): In a sense, Linux already has over 50% of the world's "OS" market
[Video] Canonical Isn't (No Longer) Serious About Making GNU/Linux Succeed in Desktops/Laptops: Some of the notorious (or "controversial") policies of Canonical have been covered here for years
[Video] What We've Learned About Debian From Emeritus Debian Developer Daniel Pocock: pressure had been put on us (by Debian people and their employer/s) and as a result we did not republish Debian material for a number of years
Bruce Perens & Debian public domain trademark promise: Reprinted with permission from disguised.work
Links 28/04/2024: Shareholders Worry "AI" Hype Brings No Income, Money Down the Drain: Links for the day
Lawyer won't lie for Molly de Blanc & Chris Lamb (mollamby): Reprinted with permission from disguised.work
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, April 27, 2024: IRC logs for Saturday, April 27, 2024