Major Internet Explorer Security Flaw Discovered
A newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser could allow hackers to take control of a Windows-based computer. The Redmond, Washington-based firm has acknowledged that the problem exists and that it affects older versions of IE.
The firm has also released a temporary fix for the problem.
Microsoft Advises: Avoid Suspicious Links
"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012.
Microsoft says the remote code execution flaw exploits the way its popular browser accesses a computer's memory. The vulnerability could reportedly allow a hacker to take control of a victim's computer system if the user browses to a malicious website.
"In a web-based attack scenario, an attacker could host a website ... that is used to exploit this vulnerability," Microsoft said in the security advisory. (Source: cnet.com)
"In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website."
This is a distinction without a difference, however, because most security exploits depend on a computer somehow connecting to a source of malicious software.
It appears, in fact, that this vulnerability has already been exploited. According to reports, the flaw was recently used to attack Windows users who visited the Council on Foreign Relations website. That's a non-partisan U.S. foreign policy think tank.
Reports also indicate the Council on Foreign Relations site had been infected with malicious code since December 21, 2012.
"We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability," noted security expert Darien Kindlund.
Flaw Affects Only Older Versions of IE
Microsoft insists this particular IE flaw affects only Internet Explorer 8 and older versions of its browser. The company says users of Internet Explorer 9 and 10 need not worry about this issue.
Microsoft has recently issued a temporary workaround for the problem in lieu of a full-fledged patch. If you use an older version of Internet Explorer, click here to visit Microsoft.com and learn more about the fix and how to obtain it. (Source: venturebeat.com)
Free guide: Windows 7 -- Free Quick Reference Card. Ask any pro computer user and they'll tell you: having to constantly reach for the mouse not only causes strain on your neck and back - it also slows you down. Imagine being able to control your computer the way it was meant to be - using your keyboard! With this guide, you'll learn to dramatically increase productivity using the best ways to navigate, organize, and manage your Windows PC and its contents. Most importantly: the majority of these shortcuts, tips, and tricks are valid for any PC, netbook, and laptop running Windows XP, Vista, and 7. Use it to brush up on the basics and to find alternate methods to your favorite commands. This printable quick reference guide is yours to use, distribute, and share! Click here to download this guide now! Note: this guide is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.