Wednesday, November 25, 2009

Zero-Day exploit for Internet Explorer

Here is a security advisory issued by Microsoft: http://www.microsoft.com/technet/security/advisory/977981.mspx

If you are running MS Internet Explorer, you should keep an eye out for when they actually patch this zero-day vulnerability. In the mean time, practice safe cyber-jutsu.

This was originally posted to the Bugtraq mailing list last Friday. At the time, the exploit code was said to be "unreliable". It is getting more reliable, and the threat is growing.

The attack will probably come in the form of malicious websites being set up with the exploit code, as well as hacked websites being made use of as un-knowing agents of the malicious hackers. The style of attack is sometimes referred to as a "drive-by". If you visit the site with the vulnerable Internet Explorer browser, you will be compromised.

So, the safe cyber-jutsu move here would be to use an alternative browser, at least for the time being. Both Firefox and Safari are availble for the Windows platform. Knowing how to use more than one browser shouldn't stress your cyber-jutsu too much.

If you love Internet Explorer, it will still be there after Microsoft finds, implements, and rolls out a fix. It is said that the latest version of IE is not impacted by this. So, you could update to IE 8 as well. I still recommend having more than one brand of web-browser.

If you had two cars, and one of them had a recall for the breaks - you would drive the other car until the flawed one was fixed. This is really no different. Except the alternative browsers aren't going to cost you a dime.

Sensei Metajunkie

No comments:

Post a Comment