Sunday, September 17, 2006
How much to worry about latest IE bug
Your friends who still run Internet Explorer are at risk from a newly disclosed security hole. It's the worst kind, the kind where simply visiting a malicious web site can end with your computer taken over.
This is at the stage of development where someone has found the problem and has published an example program to take advantage of it. The next step will be that bad guys will start using it against you. That hasn't happened yet, apparently, but it will soon.
Your options are to try to avoid sleazy web sites and hope that nobody takes over a legitimate one that you visit until Microsoft releases a fix (second Tuesday of October), or follow the advice of the Department of Homeland Security and use another browser.
UPDATE 9/20:
Antivirus firm F-Secure suggests a workaround. It involves disabling a feature that you've probably never heard of ("VML") and almost certainly don't need.
UPDATE 9/20:
Worry more. There are now malicious web sites using this attack in real life.
UPDATE 9/23:
It's getting worse. Bad guys are now breaking into normal web sites and changing them to include the code that takes over your computer. Apply the workaround, or better yet don't click on the blue E.
UPDATE:
Microsoft has released a patch ahead of schedule. Run Windows Update.
|
This is at the stage of development where someone has found the problem and has published an example program to take advantage of it. The next step will be that bad guys will start using it against you. That hasn't happened yet, apparently, but it will soon.
Your options are to try to avoid sleazy web sites and hope that nobody takes over a legitimate one that you visit until Microsoft releases a fix (second Tuesday of October), or follow the advice of the Department of Homeland Security and use another browser.
UPDATE 9/20:
Antivirus firm F-Secure suggests a workaround. It involves disabling a feature that you've probably never heard of ("VML") and almost certainly don't need.
UPDATE 9/20:
Worry more. There are now malicious web sites using this attack in real life.
UPDATE 9/23:
It's getting worse. Bad guys are now breaking into normal web sites and changing them to include the code that takes over your computer. Apply the workaround, or better yet don't click on the blue E.
UPDATE:
Microsoft has released a patch ahead of schedule. Run Windows Update.
# posted by Frederick @ 3:50 PM Email to a friend:
Haloscan: they provide trackback