Internet explorer 6-9 vulnerability

[aia]

Apparently there is some kind of unpatched vulnerability for Internet Explorer version 7-9 (6-9?).

The general advice is not to use Internet Explorer at all until it's fixed. There is a tool from Microsoft, "EMET", that could work to somewhat stop attacks.

(Just stumbled over this, I have no details on what it's about.)

Update: Hackers exploit new IE zero-day vulnerability (Computerworld)

Sooner or later these kinds of attacks might come to entropia users (a couple of years ago it was an ad service here that spread an attack, and a couple of months ago it was the blog site for Next Island) - so it might be good with a heads-up.


Other links (well click with caution...)
New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7
Enhanced Mitigation Experience Toolkit v3.0
Swedish IDG: http://www.idg.se/2.1085/1.466406/hackare-utnyttjar-nytt-sakerhetshal-i-ie

 

[Meric]

As far as I am aware this is more of a problem with Java. I have seen suggestions that switching off Java is what is required.

 

[Leona]

As far as I am aware this is more of a problem with Java. I have seen suggestions that switching off Java is what is required.

No, this is a new one. Not Java related. Has to to with <img> tag handling.

 

[Moonbiter]

There are people who still use IE? Really?

 

[Fifth]

There are people who still use IE? Really?

41% of North Americans.

 

[ermik]

There are people who still use IE? Really?

there have been 0-days for firefox aswell so IE isnt really unique in that way.

 

[aia]

As far as I am aware this is more of a problem with Java. I have seen suggestions that switching off Java is what is required.

This is another (new) thing.

The java bug was fixed in a release about a month ago as far as I know (1.6.35, dunno the 1.7 version number).

 

[Meric]

This is another (new) thing.

The java bug was fixed in a release about a month ago as far as I know (1.6.35, dunno the 1.7 version number).

Having dug a bit further, I see you are correct - this is not the Java problem but a new one.

Also, while the Java problem had a patch, almost immediately another problem was found, so caution is still advised.

 

[Jimmy B]

The general advice is not to use Internet Explorer ever again.

Fixed it for you.

 

[RobBuona]

There are people who still use IE? Really?

I use it at work because some of our applications only work with IE.

And then I have Chrome open for my personal browsing. But, I would still be counted as using IE.

 

[Meric]

I may be wrong, but I believe that everybody running EU is using IE. The start screen after accepting the EULA is an instance of IE as far as I know!

 

[Jimmy B]

I may be wrong, but I believe that everybody running EU is using IE. The start screen after accepting the EULA is an instance of IE as far as I know!

Didn't know that, but it should be fine. You've got to get somewhere that can take advantage of the vulnerability, the client loader won't take you to such a place (well, you'd hope).

As always of course, the best advice that can be offered is 'get a Goldcard'.

 

[maggie5]

There are people who still use IE? Really?

Yes, I use IE. Why not.

 

[headshotpro]

From own personal experience is best not to use this browser, I got virus only 1 week ago by having "java enable". Be safe out there. I say go chrome.

 

[somon90]

IE 9-10 is actually quite fine, that said IE 6-8 should never be used by anyone. Due to the fact that many people still use these pieces of shite most people working with web development have to spend way to much time and resources, I have heard of some projects that had to hire people that worked exclusively just to work things out for older versions of internet explorer.

Someone really should develop a virus that only targets IE6-8 just to make the people and companies that still use that shite upgrade to a newer browser.