IE vulnerability - 15 Jan

http://www.theregister.co.uk/2010/01/15/ie...loit_goes_wild/

and http://www.us-cert.gov/current/index.html#...advisory_979352

... and the German government goes wild too ...

http://news.bbc.co.uk/1/hi/technology/8463516.stm

Good find.

Lots of "spin management" going on. Bet its worse than anyone is letting on. Where is my tinfoil hat?

Some info also at http://www.wired.com/threatlevel

Good commentary on the sophistication of the Chinese attack. Malicious, but very clever.

This means "Update to Windows 7 / Vista and IE8", right ? :D

This means "Update to Windows 7 / Vista and IE8", right ? :D

It's actually gonna be to IE I believe; 6, 7 and 8 are affected though by default 8 has better protection (with DEP enabled by default).

Check out Microsoft's mitigation suggestions if you want to check/tweak your own configuration ... http://www.microsoft.com/technet/security/...ory/979352.mspx

This means "Update to Windows 7

After trying out Windows 7 in a computer store over the weekend I absolutely and completely fell in love with that OS, so much it was hard to come home and use XP Pro. Now just need a new PC that can run Windows 7 really good.

This means "Update to Windows 7 / Vista and IE8", right ? :D

Ah! I see what you mean now after Andavari's post <_<

I think the main point from an MS point of view is to upgrade to IE8 as far as that vuln. is concerned.

But that aside I'm looking forward to getting my hands on W7 ... like Andavari I want a new PC first though :D

Win7 can run on a P2 with 64 MB of RAM - it should be fine on your current PC :D

Thanks for sharing that, Andavari. Your opinion is worth a lot...but... may cost me money. :P

More info

http://blogs.technet.com/msrc/archive/2010...january-18.aspx

Believe it or NOT: here in Australia, the National news broadcasters this morning (radio, TV & Web) reporting on the MS IE browser / Google attacks finishes up by stating that the "Federal Government suggests business and home computer users use another browser for a while until MS comes up with an answer to the reported problem." end quote. This is true folks, you GOTTA wonder!!

Following the Germans there then.

If the government of either country were to bother to issue guidelines to "surf safely and securely" and "don't engage in illegal p2p activities" (the source of many users' problems from picking up infected files) it would be far more constructive. If the population bothered to follow that advice then it would save far more grief than just changing browser for a week or two 'cos someone's found an exploit that 'may' be on one or two out of the zillions of websites out there.

IMHO advice issued by those governments to home users is tantamount to scaremongering. I guess I can see more of a case for businesses being more alert because it's targeted emails that seems to have caught company employees unawares in the 'Chinese assault'.

And now MS tries to turn it into an 'opportunity' ... http://www.theregister.co.uk/2010/01/19/mi...rity_nightmare/

Microsoft to issue emergency patch (date not yet known) ... http://www.theregister.co.uk/2010/01/19/mi...mergency_patch/

Meanwhile Opera and Firefox get more trade ... http://www.theregister.co.uk/2010/01/20/op...st_ie_warnings/

what...opera releasing "new" pre-alpha's...does it sound good?..

firefox i think is planning to drop 3.5.7..and i think tomorrow they're releasing a new 3.6

Well I'm still happily plugging away with IE ... and I don't think it'll be long before we see a patch :)

Wow :blink: ... I wasn't thinking quite this quickly! ... http://www.theregister.co.uk/2010/01/20/mi...ency_ie_update/

Microsoft has a fix - http://news.bbc.co.uk/1/hi/technology/8469632.stm

I bet that's put a sock in the whole Internet Explorer is better and more secure than Firefox argument ;)

Richard S.

I'm surprised they got it out so quickly though ... think they were feeling the backlash.

Old Microsoft joke ...

A pilot is flying a small, single-engine, charter plane with a couple of really important executives on board into Seattle airport. There is fog so thick that visibility is 40 feet, and his instruments are out. He circles looking for a landmark and after an hour, he is low on fuel and his passengers are very nervous. At last, through a small opening in the fog he sees a tall building with one guy working alone on the fifth floor. Circling, the pilot banks and shouts through his open window: "Hey, where am I?". The solitary office worker replies: "You're in an airplane.". The pilot immediately executes a swift 275 degree turn and executes a perfect blind landing on the airport's runway five miles away. Just as the plane stops, the engines cough and die from lack of fuel. The stunned passengers ask the pilot how he did it. "Elementary," replies the pilot, "I asked the guy in that building a simple question. The answer he gave me was 100% correct but absolutely useless; therefore, I knew that must be Microsoft's support office and from there the airport is three minutes away on a course of 87 degrees."

No wonder the patch came out so quickly ... http://www.theregister.co.uk/2010/01/22/au...t_known_months/