MooSoft Musings » Internet Explorer

Internet Explorer 6 and 7 Exploits in the Wild

moosoft — Wed, 10 Mar 2010 20:17:08 +0000

Active exploits for bugs in IE 6 & 7 are now in the wild. It is time to upgrade to IE 8 or another browser of your choice.

MicroSoft Says Don’t Press F1 for Help

moosoft — Wed, 03 Mar 2010 03:55:00 +0000

A new flaw has been discovered in IE that could allow an attacker to take control of your computer.

…attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared.

Microsoft advises its customers to not press F1 if a website tells them to.

Windows7 users are safe from this exploit.

See more here

Patch available for the IE exploit along with seven others

moosoft — Thu, 21 Jan 2010 23:47:02 +0000

Microsoft has released a patch for the IE exploit dubbed Aurora and seven other vulnerabilities. You can get the updates via Windows Update.

Details of the patches can be found here: http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx

Malware now exploiting the IE flaw

moosoft — Wed, 20 Jan 2010 15:56:48 +0000

There is now malware in the wild exploiting the IE flaw as reported here. If you haven’t already followed the suggestions there you should do so now.

UPDATE: Internet Explorer 0-Day Exploit Allows Remote Code Execution

moosoft — Tue, 19 Jan 2010 20:47:53 +0000

Microsoft is going to release a special patch for this exploit. I will update this post when they announce the date of the patch availability.

See http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx

UPDATE: The patch should be released tomorrow January 21st.

UPDATE: The patch is now available on Windows Update!

Internet Explorer 0-Day Exploit Allows Remote Code Execution

moosoft — Fri, 15 Jan 2010 09:49:17 +0000

What is is: A malicious website can be crafted that will allow IE to be compromised and allow code to be executed on your computer.

What is affected: Internet Explorer versions 6, 7 and 8.

What you can do:

Get the IE patch from WindowsUpdate.
Run Internet Explorer in protected mode on Vista and Windows7.
Use a lower access account when browsing the web. Do not log in as administrator.
Raise the security zone in Internet Explorer to high.
Use an alternate browser such as Firefox or Opera.

More technical details can be found @ http://www.microsoft.com/technet/security/advisory/979352.mspx